APEX

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Authentication - Session not valid URL

Scott WesleyOct 7 2018 — edited Oct 8 2018

(This applies to any version)

The help for the session not valid URL includes the Session substitution string (sans fullstop).

However, the session variable is not honoured.

With the following setting

f?p=&APP_ID.:LOGIN_DESKTOP:&SESSION.:AUTH_SETTING

this url

f?p=33008:1:112119543857983:::::

was sent here upon verify function returning false - note different session ID

f?p=33008:LOGIN_DESKTOP:103415376015197:AUTH_SETTING::::

Given this feature is regarding "session not valid", this is no doubt expected - so the inline help needs modifiying.

But it would be nifty if it was honoured. As a workaround, I have a Before Header Application Process instead, directing to a URL of my choice if some condition is true.

if user_does_not_belong_here then

htp.init();

apex_util.redirect_url(l_url, false);

end if;

Thoughts?

Scott

Added on Oct 7 2018

#apex, #apex-discussions, #security

2 comments

1,106 views