Authentication Issue, Session Cookie,

I_love_bits, Oct 13 2017 — edited Oct 23 2017

Hello,

Before I start with my question, here are some important details.

We have some APEX (4.2) applications, which all use a central APEX login-app. At least we call it login-app.

It is a very small app with one page which just contains a login form.

In the "Authentication Scheme" we define

  • an "Authentication Function Name"
  • a "Session Not Valid" URL
  • a "Post-Logout URL"
  • and below "Session Cookie Attributes" => we define a "Cookie Name".
    The help text for the "Cookie Name" is:
    "Name for the session cookie, which is required to identify an Application Express session, together with the session id in the URL. If no value for the session cookie name is specified, Application Express picks a default value."
    As far as I understand this cookie is very important. I think it contains some information about where we come from.

By the way: This "Authentication Scheme" we have in the login-app and with the same settings in ALL other apps.

If we want to log in to a "real" app, we get redirected to this login-app. If the credentials are fine, then the login-app links us back to the "real" app where we came from, and I think the information about where we came from is stored in the mentioned cookie.

In other words:

If we want to log in to https://company.at/apex/f?p=1000 we get redirected to the login-app with the app-id 170 (https://company.at/apex/f?p=170). If the credentials are fine, the login-app redirects us back to the app with the app-id 1000.

So far, nothing special.

Now the problem/question:

If someone saves the URL of the login-app (app-id 170) as a bookmark, then the next time he uses the bookmark, the login-app does not know which app he wants to log in to and cannot link to any app.

Hope you can follow until now. Otherwise please ask.

First I was thinking about checking the HTTP(S) referrer on the login form in the login-app (app-id 170). If the referrer is null (if we choose something from our browser bookmarks), then I can tell the user some solutions.

If the referrer is not null, I can show the login form.

But this idea has one problem: If someone types the URL of a "real" app like https://company.at/apex/f?p=1000 into the browser, the referrer is null too.

So, not the best solution so far.

Does anybody have a similar login-app? How do you handle this issue?

Does somebody have some ideas?

Kind regards,

rrr

This post has been answered by I_love_bits on Oct 23 2017
Locked on Nov 20 2017
Added on Oct 13 2017