just set the oracle accounts to lock after the 3rd unsuccessful attempt. Scenario: upon the user entering the web application we have the user login one time successfully then log out. now at the same web applcation login screen the user will enter a wrong password 3 times. we check the oracle account and the account shows locked, then entering the incorrect password once more for a forth time and we have and oracle message returning to the applcation login page showing that the account is locked. So for some reason that i can figure out, On the same session after seeing the oracle account lock message the user can then enter their correct password and access the application. then after about a minute or two the user can log out try to login and then access is denied
any help would be much appreciated
Thanks!