Hi
I have a public page in my application which does different things depending on whether or not a user has logged in (i.e. the user has been authenticated). The application was originally developed in 3.2 and recently we've been running it in 4.0, it's worked successfully in both versions for many months.
We're now upgrading the 4.1 and it has decided that the user session is always authenticated! Which is a major problem.
I've always used apex_custom_auth.is_session_valid which in the help is described as "This function is a Boolean result obtained from executing the current application's authentication scheme to determine if a valid session exists. This function returns the Boolean result of the authentication scheme's page sentry."
To compare the applications in APEX 4.0 and APEX 4.1, on the public page I've added the following to a temporary pl/sql region on the page:
IF apex_custom_auth.is_session_valid THEN
htp.p(v('APP_USER')||' TRUE ');
ELSE
htp.p(v('APP_USER')||' FALSE ');
END IF;
In APEX 4.0 I get:
nobody FALSE
But in APEX 4.1 I get:
nobody TRUE
It appears the apex_custom_auth.is_session_valid function has changed in 4.1 and now returns TRUE when I haven't logged in. In fact, I can't see when it would return FALSE!
(If I could downgrade to APEX 4.0 I would, unfortunately out applications now won't run on 4.0. I've also tried using apex_util.get_authentication_result but this always returns 0, perhaps I'm not using this right.)
Is this a bug? Or am I using the function incorrectly? If so, can anyone advise how I can check if the user has been authenticated.
Many thanks
Sara