Hi all! I am facing some difficulty that I hope you can help me with. I am using APEX authentication for my application – and I am trying to get my application to force the user to reset their password after the first use. I thought this should happen automatically – but it does not (even if I use the built-in login page). So, I turn to you to see if you can help me figure out what I’m missing. Thank you for reading!
Authentication Scheme: Using APEX authentication, with a post-login procedure called check_pwd_reset. The procedure looks like this:
/*
PROCEDURE check_pwd_reset IS
l_host_url varchar2(1000) := apex_util.host_url('SCRIPT') || 'f?p=53140:500:' || :APP_SESSION;
BEGIN
IF (apex_util.change_password_on_first_use (:APP_USER) = TRUE AND apex_util.password_first_use_occurred (:APP_USER) = FALSE) THEN
apex_util.set_session_state('FSP_AFTER_LOGIN_URL', l_host_url);
END IF;
END;
*/
Login Page: Default 101 – no change
Post-login Page (pg 102): Has 2 password fields, and a submit button. The validation checks to see if the passwords match. If they do,
then it runs the following process: apex_util.change_current_user_pw(:P500_NEW_PASSWORD);
Upon completion of that process, it runs a pl/sql branch: apex_authentication.logout(:SESSION,:APP_ID);
It all seems to work ok – BUT my user (set up to change password on first login) is ALWAYS prompted to change their password, even after the first login. It appears as if the call to password_first_use_occurred never evaluates to True.
To see this behavior, please use user of guest and password of
lisaf1: https://apex.oracle.com/pls/apex/f?p=53140:LOGIN_DESKTOP:104844892394198