APEX

Hi,

I would like to ask a few questions about apex and epg.

I have already installed and configured apex 3.2 on oracle 10g (on my localhost - computer name 'chen_rong', ip address -192.168.88.175 ), and enable anonymous access xdb http server.

now,
1. I can access 'http://chen_rong' , 'http://localhost' , 'http://192.168.88.175' without input username / password for realm 'XDB' in IE6;
2. I can access 'http://localhost/apex/apex_admin' , 'http://192.168.88.175/apex/apex_admin' , and I can be redirected into apex administation page after input admin/<my apex admin password> for realm 'APEX' in IE6;
3. I can access 'http://chen_rong/apex/apex_admin' in IE6, but after input admin/password , I can not be redirected into administation page, because the cookie was blocked by IE6.

then, the first question is :
Q1: What is the difference among 'http://chen_rong' , 'http://localhost' , 'http://192.168.88.175' ? I have already include site 'chen_rong' into my trusted stes! why the cookie was blocked by IE6. I have already tried firefox and google browser, both of them were ok for 'chen_rong', no cookie blocked from site 'chen_rong'!

and,
1. I have tried to use the script in attachment to test http authentication and also want to catch the cookie by utl_http .
2. please review the script for me.
3. I did:
SQL> exec show_url('http://localhost/apex/apex_admin/','ADMIN','Passw0rd');

HTTP response status code: 401
HTTP response reason phrase: Unauthorized
Please supplied the required Basic authentication username/password for realm XDB for the Web page.
Web page http://localhost/apex/apex_admin/ is protected.
MS-Author-Via: DAV
DAV: 1,2,<http://www.oracle.com/xdb/webdav/props>
Server: Oracle XML DB/Oracle Database
WWW-Authenticate: Basic realm="XDB"
Date: Tue, 04 Aug 2009 02:25:15 GMT
Content-Type: text/html; charset=GBK
Content-Length: 147
======================================

PL/SQL procedure successfully completed

4. I also did :

SQL> exec show_url('http://localhost/apex/apex_admin/','ANONYMOUS','ANONYMOUS');

HTTP response status code: 500
HTTP response reason phrase: Internal Server Error
Check if the Web site is up.

PL/SQL procedure successfully completed

SQL> exec show_url('http://localhost/apex/apex_admin/','SYSTEM','apexsite');

HTTP response status code: 401
HTTP response reason phrase: Unauthorized
Please supplied the required Basic authentication username/password for realm APEX for the Web page.
Web page http://localhost/apex/apex_admin/ is protected.
Content-Type: text/html
Content-Length: 147
WWW-Authenticate: Basic realm="APEX"
======================================

PL/SQL procedure successfully completed

my second questions is :
Q2: After I entered into realm 'XDB', I still need went into realm'APEX'. how could I change the script show_url to accomplish these two tasks and successfully get the cookie from site.

the show_url script is as following:
CREATE OR REPLACE PROCEDURE show_url
(url IN VARCHAR2,
username IN VARCHAR2 DEFAULT NULL,
password IN VARCHAR2 DEFAULT NULL)
AS
req UTL_HTTP.REQ;
resp UTL_HTTP.RESP;
name VARCHAR2(256);
value VARCHAR2(1024);
data VARCHAR2(255);
my_scheme VARCHAR2(256);
my_realm VARCHAR2(256);
my_proxy BOOLEAN;
cookies UTL_HTTP.COOKIE_TABLE;
secure VARCHAR2(1);
BEGIN
-- When going through a firewall, pass requests through this host.
-- Specify sites inside the firewall that don't need the proxy host.

-- UTL_HTTP.SET_PROXY('proxy.example.com', 'corp.example.com');

-- Ask UTL_HTTP not to raise an exception for 4xx and 5xx status codes,
-- rather than just returning the text of the error page.

UTL_HTTP.SET_RESPONSE_ERROR_CHECK(FALSE);

-- Begin retrieving this Web page.
req := UTL_HTTP.BEGIN_REQUEST(url);

-- Identify yourself.
-- Some sites serve special pages for particular browsers.
UTL_HTTP.SET_HEADER(req, 'User-Agent', 'Mozilla/4.0');

-- Specify user ID and password for pages that require them.
IF (username IS NOT NULL) THEN
UTL_HTTP.SET_AUTHENTICATION(req, username, password, 'Basic', false);
END IF;

-- Start receiving the HTML text.
resp := UTL_HTTP.GET_RESPONSE(req);

-- Show status codes and reason phrase of response.
DBMS_OUTPUT.PUT_LINE('HTTP response status code: ' || resp.status_code);
DBMS_OUTPUT.PUT_LINE
('HTTP response reason phrase: ' || resp.reason_phrase);

-- Look for client-side error and report it.
IF (resp.status_code >= 400) AND (resp.status_code <= 499) THEN

-- Detect whether page is password protected
-- and you didn't supply the right authorization.

IF (resp.status_code = UTL_HTTP.HTTP_UNAUTHORIZED) THEN
UTL_HTTP.GET_AUTHENTICATION(resp, my_scheme, my_realm, my_proxy);
IF (my_proxy) THEN
DBMS_OUTPUT.PUT_LINE('Web proxy server is protected.');
DBMS_OUTPUT.PUT('Please supply the required ' || my_scheme ||
' authentication username/password for realm ' || my_realm ||
' for the proxy server.');
ELSE


DBMS_OUTPUT.PUT_LINE('Please supplied the required ' || my_scheme ||
' authentication username/password for realm ' || my_realm ||
' for the Web page.');
DBMS_OUTPUT.PUT_LINE('Web page ' || url || ' is protected.');
END IF;
ELSE
DBMS_OUTPUT.PUT_LINE('Check the URL.');
END IF;

-- UTL_HTTP.END_RESPONSE(resp);
-- RETURN;

-- Look for server-side error and report it.
ELSIF (resp.status_code >= 500) AND (resp.status_code <= 599) THEN
DBMS_OUTPUT.PUT_LINE('Check if the Web site is up.');
UTL_HTTP.END_RESPONSE(resp);
RETURN;
END IF;

-- HTTP header lines contain information about cookies, character sets,
-- and other data that client and server can use to customize each
-- session.

FOR i IN 1..UTL_HTTP.GET_HEADER_COUNT(resp) LOOP
UTL_HTTP.GET_HEADER(resp, i, name, value);
DBMS_OUTPUT.PUT_LINE(name || ': ' || value);
END LOOP;

-- Read lines until none are left and an exception is raised.
--LOOP
-- UTL_HTTP.READ_LINE(resp, value);
-- DBMS_OUTPUT.PUT_LINE(value);
--END LOOP;


UTL_HTTP.GET_COOKIES(cookies);
dbms_output.put_line('======================================');
FOR i in 1..cookies.count LOOP
IF (cookies(i).secure) THEN
secure := 'Y';
ELSE
secure := 'N';
END IF;
-- INSERT INTO my_cookies
-- VALUES (my_session_id, cookies(i).name, cookies(i).value,
-- cookies(i).domain,
-- cookies(i).expire, cookies(i).path, secure, cookies(i).version);

dbms_output.put_line('site:'||url);
dbms_output.put_line('cookies:');
dbms_output.put_line('name:'||cookies(i).name);
dbms_output.put_line('value:'||cookies(i).value);
dbms_output.put_line('domain:'||cookies(i).domain);
dbms_output.put_line('expire:'||cookies(i).expire);
dbms_output.put_line('path:'||cookies(i).path);
dbms_output.put_line('secure:'||secure);
dbms_output.put_line('version:'||cookies(i).version);
END LOOP;
UTL_HTTP.END_RESPONSE(resp);
EXCEPTION
WHEN UTL_HTTP.END_OF_BODY THEN
UTL_HTTP.END_RESPONSE(resp);
END;
/