APEX

I've got an application with a custom authentication scheme that does some conditional stuff on the login page depending on whether the user is logged in or not.

In the past, I've used the "Must Not Be Public User" authorization scheme for these objects (regions, processes, calculations) and it has worked. But recently, the behavior changed and I can't figure out why. Objects that should not display are being displayed. For the workspace where the condition works correctly (and before logging in), APP_USER is "nobody", but on the workspaces where the condition does not work (also before logging in), APP_USER is NULL if I go to the application as an end user. If I go through the application developer, APP_USER is set to my developer username.

As I say, other apps on other workspaces work properly, so it sounds like a configuration error to me. Our admins have checked the database and APEX configurations and can't find anything that would cause this behavior.

The application has its Public User attribute (Shared Components --> Edit Security Attributes) set to APEX_PUBLIC_USER. We're using Application Express 4.0.1.00.03.

Any ideas? Are we missing a configuration item that sets the public user?