Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Session state in connection pooling environment

From: Joel Garry <joelgarry_at_anabolicinc.com>
Date: Wed, 6 Oct 2004 10:19:51 -0700
Message-ID: <FF740DD879899E418DE668EE8B6A201FADF6@lf-mail.anabolic.inc>

>As for session variables, again, the app-server is managing these. I'm not
>exactly sure how, but I'm guessing that each web client gets a unique client
>id that it shares with the app-server for each transaction. Session
>variables are probably managed via this client id.

If you look at the access logs under (infrastructure and midtier homes)\apache\apache\logs you can see how SSO is handling login requests and tokenizing requests to the db server. So you can see that there is a different user for the transactions and assume the database is handling at least the rollbacks correctly. The app-server is a less mature product, so there may be more suspicion in what it manages. I know I've seen weirdnesses in webcache with portal, for sure. I would be surprised if anything as stupid as confusing transactions is happening, that would be a security transgression beyond anything seen so far. Of course, confusing transactions with the same user might be a feature :-)

Personally, I've seen several cases on the web, where I assume they are not using Oracle, where I've suddenly found myself logged in as someone else, doing things like modifying their public resumes. What is most amazing is the effen support people won't believe there is a problem! I usually make some minor change down near the bottom and notify the other person to complain to the site. One guy was a DBA at a place I had applied to...

>Please please please someone correct me. Lots of assumptions in this
>response.

Well, if Oracle would document what is really going on, we wouldn't have to assume so much. Also, some people's past rants about handling things in the database versus in applications might apply here.

Joel Garry  joelgarry_at_anabolicinc.com
(949) 609-4020
http://www.garry.to

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Oct 06 2004 - 12:15:21 CDT
