Apex & Cookie Monster
Christian Rokitta
This presentation uses cookies.
EU regulations require us to gain your
consent before continuing.
No, thanks Accept
Agenda
• Cookie Basics
• Anatomy of a Cookie
• Cookies in APEX
• Use Case:
Another Approach to Authentication
Cookie Basics - HTTP
What are Cookies … Really?
• Small bits of text data that are stored in and
shared by the browser.
• Can be for any purpose:
Are Cookies Bad For You?
• Cookies have been given a bad reputation
o Developer Designs
o Hackers
o Advertisers
• Cookies can be useful
• As with real cookies …
Too many is probably not good for you
Anatomy of a Cookie
Domain
• Cookies from different sites are separated by
Domain
• Browsers only send cookies for the current
domain
• Super Cookies (*.com, *.org) are (and should
be) blocked by most browsers
Path
• Setting a Path dictates when a cookie is sent by the
browser.
• Path cookies are hierarchical, meaning that cookies set at a
higher path value will also be sent when lower paths are
requested
Example: http://domain/application/area/sub_area
Cookie for: /application/area/sub_area
Cookie for: /application/area
Cookie for: /application
Cookie for: /
Expires
• Session: When the browser is closed, the
cookie value will be lost
• Date: Configurable date to allow persistence
of a cookie after the browser has been closed
HTTP_ONLY
• Modern browsers respect the separation of
cookies that should not be available to
JavaScript
• Reduces the risk of malicious JavaScript
reading or adjusting the cookie values
Secure
• Only sent (by browser) when using HTTPS
• Secure cookies can be received via HTTP
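The Domain, Path, Expires, HTTP_ONLY and Secure rules above can be modeled as a filter over a cookie jar. This is an added example, not part of the original slides; the cookie names and helper functions are hypothetical, and domain matching is simplified to an exact host match.

```javascript
// Added example: simplified model of which cookies a browser sends for a URL.
// Jar entries are constructed sample data; all cookie names are hypothetical.
const c = (name, path, o = {}) =>
  ({ name, path, domain: "domain", secure: false, httpOnly: false, expires: null, ...o });
const jar = [
  c("sub_area", "/application/area/sub_area"),
  c("area", "/application/area"),
  c("app", "/application"),
  c("root", "/"),
  c("secure_tok", "/", { secure: true }),
  c("script_hidden", "/", { httpOnly: true }),
  c("expired", "/", { expires: new Date(0) }),      // Expires date in the past
  c("foreign", "/", { domain: "other.example" }),   // belongs to another site
];

// Path rule: the cookie path must be a prefix of the request path that ends
// on a "/" boundary, so "/application" does not match "/applicationX".
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Names of the cookies attached to a request for `url` at time `now`.
function cookiesForRequest(jar, url, now = new Date()) {
  const u = new URL(url);
  return jar.filter(ck =>
    ck.domain === u.hostname &&                       // simplified: exact host only
    pathMatches(u.pathname, ck.path) &&
    (!ck.secure || u.protocol === "https:") &&        // Secure: HTTPS requests only
    (ck.expires === null || ck.expires > now)         // session cookie or not yet expired
  ).map(ck => ck.name);
}

// Names that page JavaScript could read: the same selection minus HttpOnly cookies.
function cookiesVisibleToScript(jar, url, now = new Date()) {
  const sent = new Set(cookiesForRequest(jar, url, now));
  return jar.filter(ck => sent.has(ck.name) && !ck.httpOnly).map(ck => ck.name);
}

console.log(cookiesForRequest(jar, "http://domain/application/area/sub_area"));
console.log(cookiesForRequest(jar, "http://domain/application/area"));
console.log(cookiesVisibleToScript(jar, "https://domain/applicationX"));
```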
Tools
• Different browsers provide different tools
• Cookies can be added, removed, and edited
• Most modern browsers will include easy
visibility into the cookies being used
APEX & Cookies
Page Render
• “I just set it! Where did it go …?”
• You cannot read a cookie that you have just set
for use in your current page rendering
Why use?
Cookies are not seen as valuable by
APEX users because of the easy DB access and
the session framework.
How can cookies provide value to an APEX
application?
Demo – Cookie Authentication
PL/SQL Packages
• SYS.UTL_HTTP is not available
(with the default grants)
• OWA_COOKIE
• OWA_UTIL
OWA Cookie Record
TYPE vc_arr IS TABLE OF VARCHAR2(4000)
INDEX BY BINARY_INTEGER;
TYPE COOKIE IS RECORD (
name VARCHAR2(4000),
vals vc_arr,
num_vals INTEGER);
APEX JavaScript API
• apex.storage.getCookie(pName)
• apex.storage.setCookie(pName,pValue)
Resources & Kudos
• Demo Application
https://apex.oracle.com/pls/apex/f?p=63242:1::::::
• Blog Post (explaining the demo application)
http://rokitta.blogspot.nl/2012/10/remember-me-apex-autologin.html
• Many thanks to: Tim St. Hilaire, the original
Cookie Monster
http://wphilltech.com/apex-authentication-with-cookie/
Questions & Answers
http://rokitta.blogspot.com
@crokitta
christian@rokitta.nl
http://www.themes4apex.com
http://plus.google.com/+ChristianRokitta
http://nl.linkedin.com/in/rokit/