APEX & Cookie Monster

The browser cookie principle is relatively easy to grasp, but implementing it in APEX can be a challenge for APEX beginners. In addition to the basic concept, this presentation discusses the sensible use of cookies in APEX and the risks and benefits of cookies in APEX web applications, and illustrates them with a practical example.

Published in: Software

  1. Apex & Cookie Monster Christian Rokitta
  2. Apex & Cookie Monster Christian Rokitta This presentation uses cookies. EU regulations require us to gain your consent before continuing. No, thanks Accept
  3. Agenda • Cookie Basics • Anatomy of a Cookie • Cookies in APEX • Use Case: Another Approach to Authentication
  4. Cookie Basics - HTTP
  5. What are Cookies…. Really? • Small bits of text data that are stored in and shared by the browser. • Can be for any purpose:
  6. Are Cookies Bad For You? • Cookies have been given a bad reputation o Developer Designs o Hackers o Advertisers • Cookies can be useful • As with real cookies … Too many is probably not good for you
  7. Anatomy of a Cookie
  8. Domain • Cookies from different sites are separated by Domain • Browsers only send cookies for the current domain • Super Cookies (*.com, *.org) are (and should be) blocked by most browsers
  9. Path • Setting a Path dictates when a cookie is sent by the browser. • Path cookies are hierarchical, meaning that cookies at higher path value will be sent when lower paths are requested. Example: http://domain/application/area/sub_area Cookie for: /application/area/sub_area Cookie for: /application/area Cookie for: /application Cookie for: /
  10. Expires • Session: When the browser is closed, the cookie value will be lost • Date: Configurable date to allow persistence of a cookie after the browser has been closed
  11. HTTP_ONLY • Modern browsers respect the separation of cookies that should not be available to JavaScript • Reduces the risk of malicious JavaScript reading or adjusting the cookie values
  12. Secure • Only sent (by browser) when using HTTPS • Secure cookies can be received via HTTP
  13. Tools • Different browsers provide different tools • Cookies can be added, removed, and edited • Most modern browsers will include easy visibility into the cookies being used
  14. APEX & Cookies
  15. Page Render • “I just did set it! Where did it go …?” • You cannot read a cookie that you have just set to use in your current page rendering
  16. Why use? The reason cookies are not seen as valuable to APEX users is because of easy DB access and session framework. How can cookies provide value to an APEX application?
  17. Demo – Cookie Authentication
  18. PL/SQL Packages • SYS.UTL_HTTP is not available (by default grants) • OWA_COOKIE • OWA_UTIL
  19. OWA Cookie Record TYPE vc_arr IS TABLE OF VARCHAR2(4000) INDEX BY BINARY_INTEGER; TYPE COOKIE IS RECORD ( name VARCHAR2(4000), vals vc_arr, num_vals INTEGER);
  20. APEX JavaScript API • apex.storage.getCookie(pName) • apex.storage.setCookie(pName,pValue)
  21. Resources & Kudos • Demo Application https://apex.oracle.com/pls/apex/f?p=63242:1:::::: • Blog Post (explaining the demo application) http://rokitta.blogspot.nl/2012/10/remember-me-apex-autologin.html • Many thanks to: Tim St. Hilaire, the original Cookie Monster http://wphilltech.com/apex-authentication-with-cookie/
  22. Questions & Answers http://rokitta.blogspot.com @crokitta christian@rokitta.nl http://www.themes4apex.com http://plus.google.com/+ChristianRokitta http://nl.linkedin.com/in/rokit/
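
The Domain, Path, Expires, HTTP_ONLY and Secure rules from slides 8 to 12, as an added JavaScript example that is not part of the original slides: it decides which cookies from a constructed jar a browser attaches to a request and which of those page script can read. The host `domain.example`, the cookie names and the `domainAttr` field are assumptions made for the illustration.

```javascript
// Added example: constructed cookie jar; host, names and field names are made up.
const jar = [
  { name: "SUB",     domain: "domain.example", path: "/application/area/sub_area" },
  { name: "AREA",    domain: "domain.example", path: "/application/area", httpOnly: true },
  { name: "APP",     domain: "domain.example", path: "/application", secure: true },
  { name: "ROOT",    domain: "domain.example", path: "/", domainAttr: true },
  { name: "OTHER",   domain: "domain.example", path: "/application/other" },
  { name: "PREFIX",  domain: "domain.example", path: "/applic" },
  { name: "OLD",     domain: "domain.example", path: "/", expires: new Date("2000-01-01T00:00:00Z") },
  { name: "FOREIGN", domain: "other.example",  path: "/" },
];

// Host-only cookies need an exact host match; a cookie set with a Domain
// attribute (domainAttr, hypothetical field) is also sent to subdomains.
function domainMatches(host, cookie) {
  if (host === cookie.domain) return true;
  return Boolean(cookie.domainAttr) && host.endsWith("." + cookie.domain);
}

// RFC 6265 path-match: equal, or a prefix that ends on a "/" boundary,
// so "/applic" does not match a request for "/application".
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Cookies the browser attaches to a request for `url`, longest path first.
function cookiesSent(url, cookies, now = new Date()) {
  const u = new URL(url);
  return cookies
    .filter((c) => domainMatches(u.hostname, c))
    .filter((c) => pathMatches(u.pathname, c.path))
    .filter((c) => !c.secure || u.protocol === "https:") // Secure: HTTPS only
    .filter((c) => !c.expires || c.expires > now)         // no Expires: session cookie
    .sort((a, b) => b.path.length - a.path.length);
}

// Cookies page JavaScript can read: the same set minus HttpOnly ones.
function cookiesVisibleToScript(url, cookies, now = new Date()) {
  return cookiesSent(url, cookies, now).filter((c) => !c.httpOnly);
}

const names = (list) => list.map((c) => c.name).join(",");
const page = "https://domain.example/application/area/sub_area";
console.log("sent over HTTPS:", names(cookiesSent(page, jar)));
console.log("script-visible: ", names(cookiesVisibleToScript(page, jar)));
console.log("sent over HTTP: ", names(cookiesSent("http://domain.example/application/area", jar)));
```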