问题
I open a few oracle connections with oracle jdbc. And I need to test a certain case where the db's password gets expired and the connections should be not working. However, when I manually expire the db password, the connections still stay open and working. What should I do for connections to get closed or to get closed when I expire the db password?
回答1:
If a user password expiration occurs in the middle of an already established connection(session), it will not end a user session - the session wont be automatically closed. The user will be able to proceed and prompted(SQL*PLUS or other tools) to change his/her password on the first attempt to log in after the expiration. That the right behavior. Let a user finish what he/she has already started. If you able to close a connection killing a user session right after the expiration you probably wont do it clean and user's work cold be lost.
Edit
In case the user doesn't log in again, when would the connections get closed? Is there a stay-alive time for connections or something like that?
First of all let's define session and connection. Session is a logical entity and connection is a physical one. And one connection can have from 0 to n sessions established on it(You can test it using sql*plus CLI and information from v$process view). Thus password expiration leans more toward user session than connection and when a user logs out, its session ceases to exist, but connection can still be established and closed when a client application is closed.
would a session stay open forever until the user logs out?
Yes, it's possible. if you are absolutely sure that a user or an application has got their work done and simply forgot to close a session, you can use alter system kill session <<SID>>, <<Serial_Number>> to kill(you have to be granted alter system privilege) the session(s).
Are there any time constraints?
You could create a profile with IDLE_TIME option specified.
create profile <<Profile_name>> limit idle_time <<num_of_minutes>>
and assign it to a user. When a session inactivity time - time when a session is not making any SQL calls exceeds <<num_of_minutes>> Oracle will rolls back the current transaction and end that session.
You also can configure terminating of a connection that is no longer in use by setting SQLNET.EXPIRE_TIME parameter, in minutes, in the sqlnet.ora file.
来源:https://stackoverflow.com/questions/19403574/expired-database-password-and-still-alive-connections