1. Get rid of all advertisements and get unlimited access to documents by upgrading to Premium Membership. Upgrade to Premium Now and also get a Premium Badge!

Set Maximum user sessions for Apps11i

Discussion in 'Oracle Apps Technical' started by v_deep2002, Sep 11, 2009.

  1. v_deep2002

    v_deep2002 Active Member

    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    55
    Hi,
    I am new DBA working with oracle apps 11i.
    I am being able to open multiple instances from a single system.
    How can I restrict 1 session from a system at a time.

    Regards
    Deepak
     
  2. Kirti

    Kirti Forum Advisor

    Messages:
    46
    Likes Received:
    12
    Trophy Points:
    130
    From Metalink Note 375403.1

    You can enable the Business Event "oracle.apps.icx.security.session.created " Business Event: oracle.apps.icx.security.session.created

    Any given user can by default open multiple sessions with Oracle Applications.

    For example, given 2 different computers, the user SYSADMIN can connect from both with no problem whatsoever.

    Some customers started seeing this as a security threat. Most customers requirements were that if user JOE, logged in from machine XYZ, that should be the only session that this user has.

    Now, HTTP is a stateless protocol, thus the HTTP server has no way to know that the same user has been logged from a different machine. Remember that Session Management in Oracle Applications is performed at a higher layer (AOL/J and ICX), so the HTTP server does not prevent a second session for a given user from happening.

    The solution is provided with the Business Event System (part of the Workflow Suite)

    ICX created a new event named oracle.apps.icx.security.session.created, which, if enabled and also subscribed, will be fired (think of a business event as a DB Trigger) when a new session is created.

    How does it work?

    User XYZ creates a session. The FND APIs assign a session_id to this new session. The event is raised via WF_EVENT.RAISE and it executes a rule function that takes the session_id and the fnd_user.user_id as parameters. This function will execute the following SQL script:
    UPDATE ICX_SESSIONS
    SET DISABLED_FLAG='Y'
    WHERE USER_ID = <fnd_user>
    AND SESSION_ID != <session_id>

    And that’s it. If XYZ logs in, all the previous existing sessions for this user will be automatically invalidated.

    Some customers are not happy with this functionality. They would expect that if XYZ has a previously established session, when he or she wants to log in from another computer, the login screen should send a message type “sorry, you already have an open session”. However, given the nature of HTTP, this is not possible due to the following reasons:
    • Browsers can crash, leaving the existing session open and the user without any chance to log in
    • Users close the browser window instead of logging off as intended
    • Computers can crash

    An enhancement to this behavior can be considered in the future, however it is unlikely that could be approved.
     
    v_deep2002 likes this.
  3. v_deep2002

    v_deep2002 Active Member

    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    55
    Thanks a lot Kirti. The detailed explanation helped me not only solving the problem, but also understanding the concept.