Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> OAS custom authentication problem affects single user

OAS custom authentication problem affects single user

From: J Smith <htcd747_at_hotmail.com>
Date: Tue, 08 Oct 2002 11:20:29 -0500
Message-ID: <1642570.yOdXrzekAK@nowhere.nowhere.purdue.edu> 





I'd appreciate any help on this one, which has me pulling out my hair.



We've got an PL/SQL application in an 8.1.7.3 database running on a Solaris 
8 host called "db".  The application is accessed via an OAS 4.0.8.2 system 
with the listener running on host "www", also a Solaris 8 box.  OAS, the 
database, and Solaris are all up to date wrt patches.



We control access to the application using the OAS custom, per-package 
authentication scheme.  Once authenticated, state is maintained with a 
session cookie.  All of this has been working perfectly for several years 
now, and we have made no changes to the PL/SQL or OAS configuration.



Now I have a user who can no longer authenticate to the application from her 
Windows box using IE 5.5.  One day she was using the application (i.e., she 
had already authenticated) and clicked to go to a new page, which took a 
long time to load.  She got tired of waiting and killed the browser by 
clicking the 'X'.  Since then she has not been able to authenticate to the 
application.



    
  
  1.   I've verified that she is using the correct password and username.

  
  2.   I can log in to the application from her PC using the same browser

  
  3.   She can log in to the application from a different PC

  
  4.   The connection to the listener is SSL, so I can't really see what's going 
back and forth with a sniffer.  However, I can see from the packets that 
are being exchanged that *nothing* is being sent from the browser to the 
httpd listener at the point when she fills in the login popup box and 
clicks OK.  That is, I can see packets whizzing back and forth between her 
PC and the listener until she fills in her login name and password and 
clicks OK, but then nothing is sent.  This is also confirmed by running a 
tail on the wrb.log file....






The problem really appears to be in her browser.  Perhaps IE is keeping a 
corrupted session cookie from the time she killed the browser and it's 
preventing her from authenticating now.



However, her PC was reloaded by tech support and the problem has persisted. 
(I've got an inquiry out with them to find out how thorough the re-imaging 
really was.)



Questions:



    
  
  1.   Anyone know where IE 5.5 keeps session cookies?  The registry?  On disk?

  
  2.   Does OAS keep state about remote sessions somewhere?  






I haven't been able to find any problem similar to this in metalink or 
groups.google.com.  Thanks very much for any help or ideas.  Please direct 
replies to this newsgroup.



Jeff
Received on Tue Oct 08 2002 - 11:20:29 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US