Exploring the details of
APEX sessions
AUSOUG (webinar), Aug 3, 2017
3-8-2017Exploring the details of APEX sessions2
About me
Menno Hoogendijk
Full-time APEX developer
Working with Oracle since 2008
Tries to be a full-stack developer
Presented this year at
  APEX Connect (Berlin)
  Kscope17 (San Antonio)
@mennooo
mennooo
About me
Menno Hoogendijk
Full-time APEX developer
Working with Oracle since 2008
Tries to be a full-stack developer
My third Kscope!
  Plugin your APEX widgets
  Powerful JavaScript skills for all APEX developers
@mennooo
mennooo
Today’s menu
Introduction
Creating a session
The login process
Session state
Smaller session features
The logout process
HTTP Protocol
Web server
Browser
HTTP request messages:
GET www.google.com HTTP/1.1
User-Agent: Mozilla/5.0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
HTTP response messages:
HTTP/1.1 200 OK
Content-Length: 88
Content-Type: text/html
Connection: Closed
<html>
<body>
<h1>Hello, World!</h1>
</body>
</html>
HTTP is stateless
Web server
User 1, User 2, User 3, User 4
What is a session?
“A session establishes stateful behavior across pages for each user”
How does APEX create a session?
The HTTP response status code 302 Found is a common way of performing URL redirection.
What happened in APEX?
1 Check if the session is valid
2 Create a new session for user “nobody”
3 Redirect to the “session not valid URL”
1. Check if the session is valid
How the check is done depends on your Authentication Scheme
If a sentry function exists, it will use that one.
If a sentry function does not exist, it will use the internal one.
[Diagram: Authentication Scheme; Cookie; Session ID in Request; Valid?]
This is a custom Authentication Scheme
HTTPS only?
2. Create a new session for user “nobody”
Even before login, a new session is created
Tip: use the apex_dictionary view
  select *
    from apex_dictionary
   where apex_view_name like '%SESSION%'
     and column_id = 0;
Tip: grant the role to your schema to see all data
  grant apex_administrator_role to <SCHEMA>;
3. Redirect to the “session not valid URL”
Only when sentry returns false
The login process
Authentication Process
apex_authentication.login
Pre Authentication -> Authentication -> Post Authentication
Tip: FSP_AFTER_LOGIN_URL in Post Authentication
Purpose: do not go to the predefined home page, but redirect to a custom URL
  :FSP_AFTER_LOGIN_URL := apex_page.get_url(p_page => 2);
Update session for user “nobody” to “ADMIN”
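The flow on the slides above (validity check, new session for “nobody”, redirect, then the update to the logged-in user), as an added JavaScript model; it is not APEX source code and not part of the presentation. The login page number 101, the per-session cookie secret and all function names are assumptions of the model.

```javascript
// Added model of the session flow on the slides; NOT APEX source code.
// Assumptions: page 101 is the public login page, and the cookie carries a
// per-session secret that the server compares with the value it stored.
const LOGIN_PAGE = '101';

// Split "f?p=APP:PAGE:SESSION[:...]" into its first three positions.
function parseFp(url) {
  const m = /[?&]p=([^&#]*)/.exec(url);
  if (!m) return null;
  let raw;
  try {
    raw = decodeURIComponent(m[1]);
  } catch {
    return null; // malformed percent-encoding
  }
  const [app, page, session] = raw.split(':');
  return { app, page: page || '1', session: session || null };
}

class SessionStore {
  // newToken must return unpredictable values in real use (CSPRNG); the
  // walk-through below injects constructed, fixed values so it is repeatable.
  constructor(newToken) {
    this.newToken = newToken;
    this.sessions = new Map();
  }
  create(user) {
    const id = String(this.newToken());
    const cookie = String(this.newToken());
    this.sessions.set(id, { user, cookie });
    return { id, cookie };
  }
  get(id) {
    return this.sessions.get(id) || null;
  }
}

// Step 1: the sentry. The session ID in the request must be known AND must be
// accompanied by the cookie issued for it; on a non-public page the session
// must also belong to a logged-in user.
function sentry(store, sessionId, cookie, pageIsPublic) {
  const s = sessionId ? store.get(sessionId) : null;
  if (!s || s.cookie !== cookie) return false;
  return pageIsPublic || s.user !== 'nobody';
}

function handleRequest(store, url, cookie) {
  const fp = parseFp(url);
  if (!fp) return { status: 400 };
  const isPublic = fp.page === LOGIN_PAGE;
  if (sentry(store, fp.session, cookie, isPublic)) {
    return { status: 200, page: fp.page, user: store.get(fp.session).user };
  }
  // Step 2: create a new session for user "nobody".
  const fresh = store.create('nobody');
  // Step 3: 302 redirect to the "session not valid URL" (here: the login page).
  return {
    status: 302,
    location: `f?p=${fp.app}:${LOGIN_PAGE}:${fresh.id}`,
    setCookie: fresh.cookie,
  };
}

// Login: once the authentication step has accepted the credentials (not
// modelled here), the existing "nobody" session is updated to the user.
function login(store, sessionId, cookie, username) {
  const s = store.get(sessionId);
  if (!s || s.cookie !== cookie) return false;
  s.user = username;
  return true;
}

// Constructed walk-through with fixed tokens (sample data, not real IDs).
function demo() {
  const tokens = ['1001', 'c-aaa', '1002', 'c-bbb'];
  const store = new SessionStore(() => tokens.shift());
  // First visit without any session: steps 1-3 run.
  const first = handleRequest(store, 'f?p=106:1', undefined);
  // The user logs in on the session created in step 2.
  const loggedIn = login(store, '1001', first.setCookie, 'ADMIN');
  // Same browser (has the cookie): the sentry accepts the request.
  const owner = handleRequest(store, 'f?p=106:1:1001', first.setCookie);
  // Same URL copied to a browser without the cookie: the sentry rejects it.
  const copied = handleRequest(store, 'f?p=106:1:1001', undefined);
  return { first, loggedIn, owner, copied, user1001: store.get('1001').user };
}
```

The last request in `demo()` shows why the check uses both inputs: a URL that contains a valid session ID but arrives without the matching cookie gets a fresh “nobody” session and a redirect, and the original session is left untouched.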
Session State – Page Rendering
There are different kinds of session state
1 Persisted Session State
2 In Memory Session State
Difference: persisted session state is stored in the WWV_FLOW_DATA table; in-memory session state is not
In Memory Session State
1 Automatic Row Fetch
2 Page item default value
3 Page item source value
Demo
Persisted Session State
1 Computation
2 PL/SQL Process
Persisted Session State - When does the commit take place?
1 If item value has changed using apex_util.set_session_state -> immediately
2 If item value has changed -> end of block
3 If no item value has changed -> end of page rendering
Demo
Session State – Page Processing
What’s new in 5.1
1 Always via JSON (using XMLHttpRequest)
2 Reload on submit
Always submit via JSON
Processed via APEX_APPLICATION.ACCEPT
Original JSON in APEX_JSON variables
XMLHttpRequest page submits and the 32k limitation
People often mix up three different 32K limitations:
- 32K was the max size of a report row
- 32K is the max size of an APEX item
- mod_plsql limits the size of a single parameter that can be passed to a procedure to 32K (ORDS does not have this limitation)
Doing asynchronous page submits in 5.1 only solves the limitation for mod_plsql, because XMLHttpRequest supports chunked uploads.
Solutions for CLOBs (POST requests)
1 Use an editable Interactive Grid
2 apex.ajax.clob
  var ajaxClob = new apex.ajax.clob();
  ajaxClob._set('very long text..');

  select clob001
    from apex_collections
   where collection_name = 'CLOB_CONTENT';
Reload on submit
1 Always
2 Only for success
When Reload on Submit is set to Always, APEX will process the page synchronously
When Reload on Submit is set to Only for Success, APEX will process the page asynchronously
The request returns a URL in JSON format
  apex.navigation.redirect( responseData.redirectURL );
Tip: do not use Reload on Submit set to Only for Success in combination with Enable Duplicate Page Submissions set to No.
This will result in an error when the first submit is not successful.
Demo
Rejoin Sessions
Rejoin sessions
When is it useful?
- User is already working in application
- Opens a link to the same application in another tab
  - Via link in email
  - Via bookmark
  - Other..
Rejoin sessions needs to be enabled in the Instance Administration
Demo
Session cloning
APEX session isolation between multiple browser tabs
When is it useful?
- When you depend on page/application items that are not part of page submission
- For example: an application item that holds a certain context value
  - Tab 1: Context is customer A
  - Tab 2: Context is customer B
- Protection against the security risks is not fully guaranteed yet, therefore the option is disabled by default
Step 1: enable feature
begin
  apex_instance_admin.set_parameter(
    p_parameter => 'CLONE_SESSION_ENABLED',
    p_value     => 'Y'
  );
end;
Step 2: add navigation bar list entry for this URL
f?p=&APP_ID.:&APP_PAGE_ID.:&APP_SESSION.:APEX_CLONE_SESSION
javascript:window.open('f?p=&APP_ID.:&APP_PAGE_ID.:&APP_SESSION.:APEX_CLONE_SESSION', 'f?p=&APP_ID.:&APP_PAGE_ID.:&APP_SESSION.:APEX_CLONE_SESSION');
Demo
The logout process
Logout URL: &LOGOUT_URL.
apex_authentication.logout?p_app_id=106&p_session_id=6311950320799
Session is purged and no longer in apex_workspace_sessions view
You can purge all instance sessions
Thank you

More Related Content

What's hot

What's new in PHP 8.0?
What's new in PHP 8.0?What's new in PHP 8.0?
What's new in PHP 8.0?Nikita Popov
 
[213]monitoringwithscouter 이건희
[213]monitoringwithscouter 이건희[213]monitoringwithscouter 이건희
[213]monitoringwithscouter 이건희NAVER D2
 
Streaming Operational Data with MariaDB MaxScale
Streaming Operational Data with MariaDB MaxScaleStreaming Operational Data with MariaDB MaxScale
Streaming Operational Data with MariaDB MaxScaleMariaDB plc
 
Introduction to Spring WebFlux #jsug #sf_a1
Introduction to Spring WebFlux #jsug #sf_a1Introduction to Spring WebFlux #jsug #sf_a1
Introduction to Spring WebFlux #jsug #sf_a1Toshiaki Maki
 
MySQL Advanced Administrator 2021 - 네오클로바
MySQL Advanced Administrator 2021 - 네오클로바MySQL Advanced Administrator 2021 - 네오클로바
MySQL Advanced Administrator 2021 - 네오클로바NeoClova
 
The MySQL Query Optimizer Explained Through Optimizer Trace
The MySQL Query Optimizer Explained Through Optimizer TraceThe MySQL Query Optimizer Explained Through Optimizer Trace
The MySQL Query Optimizer Explained Through Optimizer Traceoysteing
 
A Prelude of Purity: Scaling Back ZIO
A Prelude of Purity: Scaling Back ZIOA Prelude of Purity: Scaling Back ZIO
A Prelude of Purity: Scaling Back ZIOJorge Vásquez
 
re:Invent 2022 DAT326 Deep dive into Amazon Aurora and its innovations
re:Invent 2022  DAT326 Deep dive into Amazon Aurora and its innovationsre:Invent 2022  DAT326 Deep dive into Amazon Aurora and its innovations
re:Invent 2022 DAT326 Deep dive into Amazon Aurora and its innovationsGrant McAlister
 
Load Balancing MySQL with HAProxy - Slides
Load Balancing MySQL with HAProxy - SlidesLoad Balancing MySQL with HAProxy - Slides
Load Balancing MySQL with HAProxy - SlidesSeveralnines
 
MongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB AtlasMongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB AtlasMongoDB
 
Mongodb 특징 분석
Mongodb 특징 분석Mongodb 특징 분석
Mongodb 특징 분석Daeyong Shin
 
Introduction to JCR and Apache Jackrabbi
Introduction to JCR and Apache JackrabbiIntroduction to JCR and Apache Jackrabbi
Introduction to JCR and Apache JackrabbiJukka Zitting
 
How to GraphQL
How to GraphQLHow to GraphQL
How to GraphQLTomasz Bak
 
Being Functional on Reactive Streams with Spring Reactor
Being Functional on Reactive Streams with Spring ReactorBeing Functional on Reactive Streams with Spring Reactor
Being Functional on Reactive Streams with Spring ReactorMax Huang
 
Capacitacion Apex 5 Oracle - Daniel Bermudez
Capacitacion Apex 5 Oracle - Daniel BermudezCapacitacion Apex 5 Oracle - Daniel Bermudez
Capacitacion Apex 5 Oracle - Daniel BermudezDaniel Bermudez
 

What's hot (20)

What's new in PHP 8.0?
What's new in PHP 8.0?What's new in PHP 8.0?
What's new in PHP 8.0?
 
[213]monitoringwithscouter 이건희
[213]monitoringwithscouter 이건희[213]monitoringwithscouter 이건희
[213]monitoringwithscouter 이건희
 
Spring Data JPA
Spring Data JPASpring Data JPA
Spring Data JPA
 
Streaming Operational Data with MariaDB MaxScale
Streaming Operational Data with MariaDB MaxScaleStreaming Operational Data with MariaDB MaxScale
Streaming Operational Data with MariaDB MaxScale
 
Introduction to Spring WebFlux #jsug #sf_a1
Introduction to Spring WebFlux #jsug #sf_a1Introduction to Spring WebFlux #jsug #sf_a1
Introduction to Spring WebFlux #jsug #sf_a1
 
MySQL Advanced Administrator 2021 - 네오클로바
MySQL Advanced Administrator 2021 - 네오클로바MySQL Advanced Administrator 2021 - 네오클로바
MySQL Advanced Administrator 2021 - 네오클로바
 
The MySQL Query Optimizer Explained Through Optimizer Trace
The MySQL Query Optimizer Explained Through Optimizer TraceThe MySQL Query Optimizer Explained Through Optimizer Trace
The MySQL Query Optimizer Explained Through Optimizer Trace
 
A Prelude of Purity: Scaling Back ZIO
A Prelude of Purity: Scaling Back ZIOA Prelude of Purity: Scaling Back ZIO
A Prelude of Purity: Scaling Back ZIO
 
re:Invent 2022 DAT326 Deep dive into Amazon Aurora and its innovations
re:Invent 2022  DAT326 Deep dive into Amazon Aurora and its innovationsre:Invent 2022  DAT326 Deep dive into Amazon Aurora and its innovations
re:Invent 2022 DAT326 Deep dive into Amazon Aurora and its innovations
 
Load Balancing MySQL with HAProxy - Slides
Load Balancing MySQL with HAProxy - SlidesLoad Balancing MySQL with HAProxy - Slides
Load Balancing MySQL with HAProxy - Slides
 
Introduction to GraphQL
Introduction to GraphQLIntroduction to GraphQL
Introduction to GraphQL
 
Mongo db 최범균
Mongo db 최범균Mongo db 최범균
Mongo db 최범균
 
MongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB AtlasMongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
 
Mongodb 특징 분석
Mongodb 특징 분석Mongodb 특징 분석
Mongodb 특징 분석
 
Introduction to JCR and Apache Jackrabbi
Introduction to JCR and Apache JackrabbiIntroduction to JCR and Apache Jackrabbi
Introduction to JCR and Apache Jackrabbi
 
How to GraphQL
How to GraphQLHow to GraphQL
How to GraphQL
 
Being Functional on Reactive Streams with Spring Reactor
Being Functional on Reactive Streams with Spring ReactorBeing Functional on Reactive Streams with Spring Reactor
Being Functional on Reactive Streams with Spring Reactor
 
Introduction to GraphQL
Introduction to GraphQLIntroduction to GraphQL
Introduction to GraphQL
 
Capacitacion Apex 5 Oracle - Daniel Bermudez
Capacitacion Apex 5 Oracle - Daniel BermudezCapacitacion Apex 5 Oracle - Daniel Bermudez
Capacitacion Apex 5 Oracle - Daniel Bermudez
 
Spring AOP
Spring AOPSpring AOP
Spring AOP
 

Similar to Exploring the details of APEX sessions

Presentatie - Exploring the details of APEX sessions.pdf
Presentatie - Exploring the details of APEX sessions.pdfPresentatie - Exploring the details of APEX sessions.pdf
Presentatie - Exploring the details of APEX sessions.pdfJoeRodriguez477329
 
ASP.NET AJAX with Visual Studio 2008
ASP.NET AJAX with Visual Studio 2008ASP.NET AJAX with Visual Studio 2008
ASP.NET AJAX with Visual Studio 2008Caleb Jenkins
 
Assignment 2 - Power drill Grapevine "It's like Yik Yak, but for opinions ab...
Assignment 2 - Power drill Grapevine  "It's like Yik Yak, but for opinions ab...Assignment 2 - Power drill Grapevine  "It's like Yik Yak, but for opinions ab...
Assignment 2 - Power drill Grapevine "It's like Yik Yak, but for opinions ab...MATCHmaster
 
Usability AJAX and other ASP.NET Features
Usability AJAX and other ASP.NET FeaturesUsability AJAX and other ASP.NET Features
Usability AJAX and other ASP.NET FeaturesPeter Gfader
 
IBM ConnectED 2015 - MAS103 XPages Performance and Scalability
IBM ConnectED 2015 - MAS103 XPages Performance and ScalabilityIBM ConnectED 2015 - MAS103 XPages Performance and Scalability
IBM ConnectED 2015 - MAS103 XPages Performance and ScalabilityPaul Withers
 
ASP.NET Presentation
ASP.NET PresentationASP.NET Presentation
ASP.NET PresentationRasel Khan
 
High performance coding practices code project
High performance coding practices code projectHigh performance coding practices code project
High performance coding practices code projectPruthvi B Patil
 
Reach End Users With Next Generation Web Applications
Reach End Users With Next Generation Web ApplicationsReach End Users With Next Generation Web Applications
Reach End Users With Next Generation Web ApplicationsJeff Blankenburg
 
Introduction To Mvc
Introduction To MvcIntroduction To Mvc
Introduction To MvcVolkan Uzun
 
Asp.Net Ajax Component Development
Asp.Net Ajax Component DevelopmentAsp.Net Ajax Component Development
Asp.Net Ajax Component DevelopmentChui-Wen Chiu
 
ASP.NET MVC Fundamental
ASP.NET MVC FundamentalASP.NET MVC Fundamental
ASP.NET MVC Fundamentalldcphuc
 
Apex behind the scenes
Apex behind the scenesApex behind the scenes
Apex behind the scenesEnkitec
 
Pro Techniques for the SSAS MD Developer
Pro Techniques for the SSAS MD DeveloperPro Techniques for the SSAS MD Developer
Pro Techniques for the SSAS MD DeveloperJens Vestergaard
 
Single Sign-On for APEX applications based on Kerberos (Important: latest ver...
Single Sign-On for APEX applications based on Kerberos (Important: latest ver...Single Sign-On for APEX applications based on Kerberos (Important: latest ver...
Single Sign-On for APEX applications based on Kerberos (Important: latest ver...Niels de Bruijn
 
St Hilaire Ajax Start Odtug Nov 2009
St Hilaire   Ajax Start Odtug Nov 2009St Hilaire   Ajax Start Odtug Nov 2009
St Hilaire Ajax Start Odtug Nov 2009ruiruitang
 
Why use .net by naveen kumar veligeti
Why use .net by naveen kumar veligetiWhy use .net by naveen kumar veligeti
Why use .net by naveen kumar veligetiNaveen Kumar Veligeti
 

Similar to Exploring the details of APEX sessions (20)

Presentatie - Exploring the details of APEX sessions.pdf
Presentatie - Exploring the details of APEX sessions.pdfPresentatie - Exploring the details of APEX sessions.pdf
Presentatie - Exploring the details of APEX sessions.pdf
 
Migration from ASP to ASP.NET
Migration from ASP to ASP.NETMigration from ASP to ASP.NET
Migration from ASP to ASP.NET
 
ASP.NET AJAX with Visual Studio 2008
ASP.NET AJAX with Visual Studio 2008ASP.NET AJAX with Visual Studio 2008
ASP.NET AJAX with Visual Studio 2008
 
Assignment 2 - Power drill Grapevine "It's like Yik Yak, but for opinions ab...
Assignment 2 - Power drill Grapevine  "It's like Yik Yak, but for opinions ab...Assignment 2 - Power drill Grapevine  "It's like Yik Yak, but for opinions ab...
Assignment 2 - Power drill Grapevine "It's like Yik Yak, but for opinions ab...
 
Usability AJAX and other ASP.NET Features
Usability AJAX and other ASP.NET FeaturesUsability AJAX and other ASP.NET Features
Usability AJAX and other ASP.NET Features
 
Walther Ajax4
Walther Ajax4Walther Ajax4
Walther Ajax4
 
IBM ConnectED 2015 - MAS103 XPages Performance and Scalability
IBM ConnectED 2015 - MAS103 XPages Performance and ScalabilityIBM ConnectED 2015 - MAS103 XPages Performance and Scalability
IBM ConnectED 2015 - MAS103 XPages Performance and Scalability
 
ASP.NET Presentation
ASP.NET PresentationASP.NET Presentation
ASP.NET Presentation
 
High performance coding practices code project
High performance coding practices code projectHigh performance coding practices code project
High performance coding practices code project
 
Reach End Users With Next Generation Web Applications
Reach End Users With Next Generation Web ApplicationsReach End Users With Next Generation Web Applications
Reach End Users With Next Generation Web Applications
 
Introduction To Mvc
Introduction To MvcIntroduction To Mvc
Introduction To Mvc
 
Asp.Net Ajax Component Development
Asp.Net Ajax Component DevelopmentAsp.Net Ajax Component Development
Asp.Net Ajax Component Development
 
ASP.NET MVC Fundamental
ASP.NET MVC FundamentalASP.NET MVC Fundamental
ASP.NET MVC Fundamental
 
Apex behind the scenes
Apex behind the scenesApex behind the scenes
Apex behind the scenes
 
Pro Techniques for the SSAS MD Developer
Pro Techniques for the SSAS MD DeveloperPro Techniques for the SSAS MD Developer
Pro Techniques for the SSAS MD Developer
 
Single Sign-On for APEX applications based on Kerberos (Important: latest ver...
Single Sign-On for APEX applications based on Kerberos (Important: latest ver...Single Sign-On for APEX applications based on Kerberos (Important: latest ver...
Single Sign-On for APEX applications based on Kerberos (Important: latest ver...
 
St Hilaire Ajax Start Odtug Nov 2009
St Hilaire   Ajax Start Odtug Nov 2009St Hilaire   Ajax Start Odtug Nov 2009
St Hilaire Ajax Start Odtug Nov 2009
 
NET_Training.pptx
NET_Training.pptxNET_Training.pptx
NET_Training.pptx
 
ASP.NET WEB API Training
ASP.NET WEB API TrainingASP.NET WEB API Training
ASP.NET WEB API Training
 
Why use .net by naveen kumar veligeti
Why use .net by naveen kumar veligetiWhy use .net by naveen kumar veligeti
Why use .net by naveen kumar veligeti
 

Recently uploaded

Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfLivetecs LLC
 
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in NoidaBuds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in Noidabntitsolutionsrishis
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfStefano Stabellini
 

Recently uploaded (20)

Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdf
 
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in NoidaBuds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdf
 

Exploring the details of APEX sessions

  • 1. Exploring the details of APEX sessions AUSOUG (webinar), Aug 3, 2017
  • 2. 3-8-2017Exploring the details of APEX sessions2 Menno Hoogendijk Fulltime APEX developer Working with Oracle since 2008 Tries to be a fullstack developer Presented this year at APEX Connect (Berlin) Kscope17 (San Antonio) @mennooo mennooo About me
  • 3. 3-8-2017Powerful JavaScript skills for APEX developers3 Menno Hoogendijk Fulltime APEX developer Working with Oracle since 2008 Tries to be a fullstack developer My third Kscope! Plugin your APEX widgets Powerful JavaScript skills for all APEX developers @mennooo mennooo About me
  • 4. Today’s menu Introduction Creating a session The login process Session state Smaller session features The logout process
  • 5. HTTP Protocol 3-8-2017Exploring the details of APEX sessions5 Web server Browser HTTP request messages: GET www.google.com HTTP/1.1 User-Agent: Mozilla/5.0 Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: Keep-Alive HTTP response messages: HTTP/1.1 200 OK Content-Length: 88 Content-Type: text/html Connection: Closed <html> <body> <h1>Hello, World!</h1> </body> </html>
  • 6. HTTP is stateless 3-8-2017Exploring the details of APEX sessions6 Web server User 2 User 3User 1 User 4
  • 7. What is a session? 3-8-2017Exploring the details of APEX sessions7 “A session establishes stateful behavior across pages for each user”
  • 8. How does APEX create a session?
  • 9.
  • 10.
  • 11. The HTTP response status code 302 Found is a common way of performing URL redirection.
  • 12. What happened in APEX? 3-8-2017Exploring the details of APEX sessions12 1 Check if the session is valid 3 Redirect to the “session not valid URL” 2 Create a new session for user “nobody”
  • 13. 1. Check if the session is valid 3-8-2017Exploring the details of APEX sessions13 How depends on your Authentication Scheme If a sentry function exists, it will use that one. If a sentry function does not exist, it will use the internal one. Authentication Scheme Cookie Session ID in Request Valid?
  • 14. This is a custom Authentication Scheme
  • 16. 2. Create a new session for user “nobody” 3-8-2017Exploring the details of APEX sessions16 Even before login, a new session is created Tip: use apex_dictionary view select * from apex_dictionary where apex_view_name like '%SESSION%' and column_id = 0; Tip: grant role to schema to see all data grant apex_administrator_role to <SCHEMA>;
  • 17. 3. Redirect to the “session not valid URL” 3-8-2017Exploring the details of APEX sessions17 Only when sentry returns false
  • 18.
  • 19.
  • 20.
  • 21.
  • 23. Authentication Process 3-8-2017Exploring the details of APEX sessions23 apex_authentication .login Pre Authentication Authentication Post Authentication
  • 24.
  • 25.
  • 26. 3-8-2017Plugin your APEX widgets26 Tip: FSP_AFTER_LOGIN_URL in Post Authentication Purpose: Do not go to predefined home page, but redirect to custom URL :FSP_AFTER_LOGIN_URL := apex_page.get_url(p_page => 2)
  • 29. Update session for user “nobody” to “ADMIN” 3-8-2017Exploring the details of APEX sessions29
  • 30. Session State – Page Rendering
  • 31. There are different kinds of session state
        1. Persisted Session State
        2. In Memory Session State
        Difference: is or is not stored in WWV_FLOW_DATA table
  • 32. In Memory Session State
        1. Automatic Row Fetch
        2. Page item default value
        3. Page item source value
  • 34. Persisted Session State
        1. Computation
        2. PL/SQL Process
  • 35. Persisted Session State - When does the commit take place?
        1. If item value has changed using apex_util.set_session_state -> immediately
        2. If item value has changed -> end of block
        3. If no item value has changed -> end of page rendering
  • 37. Session State – Page Processing
  • 38. What’s new in 5.1
        1. Always via JSON (using XMLHttpRequest)
        2. Reload on submit
  • 39. Always submit via JSON
        Processed via APEX_APPLICATION.ACCEPT
        Original JSON in APEX_JSON variables
  • 40. XMLHttpRequest page submits and the 32k limitation
        People often mix up three limitations on 32K:
        - 32K was the max size of a report row
        - 32K is the max size of an APEX item
        - mod_plsql limits the size of a single parameter that can be passed to a procedure to 32K (ORDS does not have this limitation)
        Doing asynchronous page submits in 5.1 only solves the limitation for mod_plsql because XMLHttpRequest supports chunked uploads.
  • 41. Solutions for CLOBs (POST requests)
        1. Use an editable Interactive Grid
        2. apex.ajax.clob
            var ajaxClob = new apex.ajax.clob()
            ajaxClob._set('very long text..')
            select clob001 from apex_collections where collection_name = 'CLOB_CONTENT';
  • 42. Reload on submit
        1. Always
        2. Only for success
  • 43. When reload on submit is set to always, APEX will process the page synchronously
  • 44. When reload on submit is set to only for success, APEX will process the page asynchronously
        The request returns a URL in JSON format
            apex.navigation.redirect( responseData.redirectURL );
  • 45. Tip: Do not use Reload on Submit set to Only for Success in combination with Enable Duplicate Page Submissions set to No. This will result in an error when the first submit is not successful.
  • 48. Rejoin sessions
        When is it useful?
        - User is already working in application
        - Opens a link to the same application in another tab
            - Via link in email
            - Via bookmark
            - Other..
  • 50. Rejoin sessions needs to be enabled in the Instance Administration
  • 53. APEX session isolation between multiple browser tabs
        When is it useful?
        - When you depend on page/application items that are not part of page submission
        - For example: an application item that holds a certain context value
            - Tab 1: Context is customer A
            - Tab 2: Context is customer B
        - Security risks are not fully guaranteed yet, therefore the option is disabled by default
  • 54. Step 1: enable feature
            begin
              apex_instance_admin.set_parameter(
                p_parameter => 'CLONE_SESSION_ENABLED',
                p_value     => 'Y' );
            end;
  • 55. Step 2: add navigation bar list entry for this URL
            f?p=&APP_ID.:&APP_PAGE_ID.:&APP_SESSION.:APEX_CLONE_SESSION
  • 64. You can purge all instance sessions
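
The request flow from slides 12 to 29, the rejoin option and the always-true sentry, as a Python model added here; it is not part of the original deck and not APEX's own code. The in-memory SESSIONS store, LOGIN_URL with application ID 100, and the rule that a “nobody” session fails the sentry are assumptions of the model.

```python
import hmac
import secrets

# Simplified model of the flow on the slides; all names and values are constructed.
SESSIONS = {}                  # stands in for the sessions table: id -> row
LOGIN_URL = "f?p=100:LOGIN"    # assumed "session not valid URL"

def new_session():
    """Create a session for user "nobody"; return (session_id, cookie_value)."""
    sid, cookie = str(secrets.randbelow(10**15)), secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": "nobody", "cookie": cookie}
    return sid, cookie

def cookie_matches(row, cookie):
    return bool(row and cookie and hmac.compare_digest(row["cookie"], cookie))

def sentry(sid, cookie, rejoin=False):
    """Return the session id if cookie and request session ID belong together."""
    if rejoin:  # rejoin sessions: the session ID in the URL is ignored
        sid = next((s for s, r in SESSIONS.items() if cookie_matches(r, cookie)), None)
    row = SESSIONS.get(sid)
    # Assumption of this model: a "nobody" session never passes for a protected page.
    return sid if cookie_matches(row, cookie) and row["user"] != "nobody" else None

def handle(page, sid=None, cookie=None, sentry_fn=sentry):
    """Protected page request -> (status, page_or_location, session_id, set_cookie)."""
    valid_sid = sentry_fn(sid, cookie)
    if valid_sid:
        return 200, page, valid_sid, None
    new_sid, new_cookie = new_session()      # a session exists before login
    return 302, f"{LOGIN_URL}:{new_sid}", new_sid, new_cookie

def login(sid, cookie, username, password, check):
    """On success the existing row changes from "nobody" to the user; same id."""
    row = SESSIONS.get(sid)
    if cookie_matches(row, cookie) and check(username, password):
        row["user"] = username.upper()
        return True
    return False

def always_true_sentry(sid, cookie):
    """The flawed custom sentry from the slides: every request counts as valid."""
    return sid or "0"

if __name__ == "__main__":
    status, location, sid, cookie = handle("HOME")
    login(sid, cookie, "admin", "secret", lambda u, p: p == "secret")
    print(status, location, handle("HOME", sid, cookie)[:2], handle("HOME", sid, "forged")[:2])
```

With the default sentry a session ID without its matching cookie is redirected, while `always_true_sentry` returns the page for any request, which is why a custom sentry function needs review before it is deployed.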

Editor's Notes

  1. Thank you for joining me tonight. I did a few other presentations this year and they were all about advanced features or usage, mostly JavaScript. But a while ago I had a problem and needed to understand how APEX sessions work exactly. I did a lot of investigation and found interesting things along the way that I didn’t know or just took for granted. I realized it helped a lot knowing about all these little details and how everything works together to create stateful behavior in APEX. You don’t get statefulness in web applications by default. It has to be created by your framework, in our case APEX. And besides that, APEX includes a few hidden gems regarding sessions I want to tell you about.
  2. My name is Menno. I live in the Netherlands, so for me it’s still morning. I started out with Oracle in 2008, first as a DBA trainee, and discovered APEX pretty soon. Then I became a fulltime APEX developer, focusing on the database, webserver and client-side techniques such as JavaScript. I was happy to get selected for APEX Connect and Kscope17 earlier this year. If you ever have the chance to visit Kscope, please do because you’ll meet the whole community and learn so much. Please feel free to follow me on Twitter and I have some repositories on GitHub as well.
  3. I work for a company called Qualogy. They do all kinds of things with Oracle, mainly focused on the cloud nowadays. As you can see, also active in the Caribbean, but I haven’t been able to do a project over there yet unfortunately.
  4. So today is all about APEX sessions. We will start at the beginning, creating a new session, logging in, looking at how we interact with the session along the way. Finally we’ll log out again and by then we should know how sessions work in great detail. It’s my first webinar, please feel free to ask questions.
  5. So with APEX, we create web applications. And the web uses the HTTP protocol to send data to the server and return data to clients. For instance this is what would happen if we go to the browser and enter Google’s URL. From the client, a GET request is made. The URL brings you to a Google webserver. It processes the request and gives some response message back in return. In this case, HTTP status code 200 means that it’s OK and gives HTML content, which the browser uses to create a page with. The server by default does not care which client makes the request; it returns the same message to every client.
  6. There is no stateful connection between a client and the server. If we want to create such a thing, we need to send session information in our requests. The most common way to do this is via cookies.
  7. Here you can see that I opened up a new and empty browser window. I have a link to an APEX page which I want to go to. Maybe this comes from a bookmark or something. We all know that I won’t be allowed to see this page when authentication is required. But let’s see in detail what actually happens.
  8. First thing to do is open up the developer console in Google Chrome. We can log all the HTTP Requests the client makes. We have to check the Preserve log option to do so. Then, actually make the request, hit enter in the URL field.
  9. Now we have a log of requests. The one on top is the oldest request, so our starting point. As you can see, we requested the HOME page. But we received HTTP status 302. What is 302? It tells the browser to make another request to a specified URL. What was the specified URL? The LOGIN page. So somehow APEX managed to check that we didn’t have a valid session and performed a redirect to the login page.
  10. We saw what happened on the client. Now let’s look at the server side of things. Three things have happened in APEX. First, did we have a valid session? If not, redirect to a URL. And when we landed on the login page, a new session was created for user “nobody”. User “nobody” is a special kind of user and we’ll find out more about it soon.
  11. How does APEX check if a session is valid or if a session exists? I didn’t know what the meaning of the word sentry was, but I’ve checked and the meaning is like a guard at a military base. Maybe you haven’t heard about this function, nor used it explicitly. But it is executed for every APEX request. The internal sentry function checks the contents of the authentication scheme cookie and the session ID in the request. If the combination is valid, then your session is valid. If not, we get redirected.
  12. The sentry function is part of the Authentication Scheme setting in Shared Components. You may refer to a database object or to a function which you have written below. If we look at my function here, that always returns true. What do you think would happen if we try to access any page with authorization of our application? Anybody would have immediate access to every page!! This is a very powerful function.
  13. Here you see the section in shared components, authentication scheme, session cookie attributes. As I said you can give the cookie a name; if no name is provided, a default name is used. Then we have three other options. The cookie path: A URL path must exist in order for the cookie to be sent to the client. The cookie domain: The hosts to which the cookie will be sent. Secure: Only send the cookie when there is an HTTPS connection.
  14. We can query the session table. APEX includes a lot of views that can be of great value. Let your starting point be the apex_dictionary view. And if possible, grant the user which queries these views the apex_administrator_role. If you would use for example your parsing schema from the application and not have this role, you would only see data for that workspace.
  15. For us, executing the sentry function returned false so we need to redirect to a URL.
  16. And where to redirect to is part of the session not valid attributes in our authentication scheme. In this case we refer to the login page, which is set at user interface attributes.
  17. For our desktop user interface, we see the final value of our Login URL.
  18. And indeed, on the client, we are redirected to this very page. As you can see we were not only redirected, we also received a new APEX session with an ID. It might be strange at first that a session is created before login right?? But think about limiting the amount of login attempts and setting login timeouts on the client. A session provides a way to identify the same client even before login to do these things.
  19. We did not only get a session ID, but also the corresponding cookie. The cookie content is unreadable and probably contains a unique encrypted key which is decrypted on the server to find the correct session id.
  20. A lot of security features covered but we haven’t actually logged in yet.
  21. Maybe you have seen this function too. Another login function but in a different package. This is basically a wrapper for the login procedure but supports a few extra things like support for preserved case usernames. These extra things only make sense for custom authentication schemes. In this chart we see we can also do things just before login (pre authentication). Might be useful to log authentication attempts or something. Then the custom login wrapper which executes the default login function. Finally post authentication. In here you would typically initialize APPLICATION ITEMS or any form of context for the session.
  22. This is our login page, with the username and password item. On page submit, we use these page items to perform authentication.
  23. apex_authentication.login will call your specified authentication function. It has two parameters, again, username and password. In this function you will check if the user is valid and the password is correct. This function should not do anything extra.
  24. The post authentication is also the place to change the redirection URL after login. There is a special application item named FSP_AFTER_LOGIN_URL which does this trick. Even when you have a page with Deeplinking it will override that value. I will talk about deeplinking in a moment.
  25. The home url, which by default you are directed to, is part of the user interface attributes.
  26. And now we are finally logged in. One thing to notice is that we still got the same session id that we received before login.
  27. So APEX has updated the sessions table and changed the user_name column to our admin username.
  28. So these values are not stored in a table when assigned. Why? The automatic row fetch calculated the source for page items. Both the source and default attribute are not the new final value of the item, it’s just a suggestion. We have to submit the real values in order to make them persisted. Computations are real assignments of new values to items, so they are final.
  29. Persisted session state means saving item values in a table. This is done for computations and PL/SQL Processes.
  30. These values are stored in the table. When does the commit take place? If page item value has changed -> end of process point If no page item value has changed -> end of page rendering
  31. APEX 5.1 has introduced Asynchronous Page Submits. Instead of submitting the whole page, APEX makes an AJAX request with the complete page data as a JSON object. If validations fail or errors occur, you can see the message instantly instead of first reloading the whole page. The Reload on submit feature is new and has to work together with the two other options. Let’s take a look.
  32. From now on, always processed as JSON. Fact. This JSON object contains every pageItem on the page. A request is made to the accept procedure. This will update the session state of all the page items. Everything is persisted.
  33. APEX 5.1 has introduced Asynchronous Page Submits. Instead of submitting the whole page, APEX makes an AJAX request with the complete page data as a JSON object. If validations fail or errors occur, you can see the message instantly instead of first reloading the whole page. The Reload on submit feature is new and has to work together with the two other options. Let’s take a look.
  34. Here we see that it we get a 302 redirect and the browser will follow this URL. This is the pre APEX 5.1 way.
  35. This is the new way starting in 5.1. Now we get HTTP OK 200 and do a redirect in JavaScript. The second combination is with only for success and compatibility mode pre 5.1. Client-side validation is also a new 5.1 feature. For now client-side validations only check for required fields. Setting compatibility mode to pre 5.1 disables client-side validation. But #### I do manage to get this working now ###
  36. So this is the first combination of settings that you must use carefully, because the page was not reloaded when an error occurred but the page was already submitted.
  37. Two interesting features are Rejoin Session and Deeplinking. First of all, Rejoin session.
  38. What this means is that the sentry function no longer uses the Session ID in the URL. It only uses the Authentication Scheme Cookie to validate a session. The result is that you can have a link or bookmark to a page in your application and when you are already logged in (in another tab), it will join that session and use the same session ID. You might think, this is great, I can now send emails which link to some detail page and let the users do something there. But no, you can’t set items, request, trigger on demand processes without a checksum in the URL. So the actual usability of the feature is quite limited.
  39. Enable session state. Go to page without session id. Go to page and set item. Enable checksum. Repeat step 3 -> error.