Session ID is reused in a different computer if you send a link with it

Luis Cabral, Sep 29 2011 — edited Sep 29 2011
Hi there,

I have an Apex 4 application with a public page on it. This is the link for it:

http://server/apex/f?p=111:200

When I enter it in the browser address field and click Go, it becomes:

http://server/apex/f?p=111:200:2783115048414842

Now, if I copy this URL, send it to another computer and paste it in the browser address field, I would expect the session ID to change because the corresponding cookie is not present. However, it works with the same session ID!

The problem with this is that, if someone sends a link to someone else, they may end up sharing the same session state, which obviously can be a disaster.

In the hope this will fix it, we started using session ID = 0 for public pages, but I would like to understand what is happening. Why does Apex use the same session ID on a different computer? Doesn't the session ID work together with a security cookie?

Any clarification will be most welcome!

Thanks,
Luis
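
The workaround mentioned in the post (session ID 0 in links to public pages) can also be applied to links before they are shared. The following is an added example, not part of the original post and not APEX code; the function name, the sample message and the `P200_ID` item are constructed, and it assumes the `f?p=APP:PAGE:SESSION` field order seen in the URLs above.

```python
import re

# Assumed link shape, taken from the URLs in the post: f?p=APP:PAGE:SESSION[:more]
# Only the third field is rewritten, and only when it is numeric.
_SESSION_IN_LINK = re.compile(
    r"(/f\?p=[^:&#\s]+:[^:&#\s]+:)"   # application and page (ids or aliases)
    r"(\d+)"                          # session id field
    r"(?=[:&#\s.,;)\]>\"']|$)"        # the field must end here
)


def zero_session_ids(text):
    """Rewrite embedded session ids to 0 in every f?p link found in text.

    Returns (rewritten_text, session_ids_found) so the caller can both
    send the cleaned text and log that a live session id was about to leak.
    Intended for links to public pages, as in the post.
    """
    found = []

    def repl(match):
        if int(match.group(2)) == 0:
            return match.group(0)          # already uses session 0
        found.append(match.group(2))
        return match.group(1) + "0"

    return _SESSION_IN_LINK.sub(repl, text), found


# Constructed sample: an e-mail body containing links copied from the address bar.
SAMPLE = (
    "Have a look at http://server/apex/f?p=111:200:2783115048414842.\n"
    "Details: http://server/apex/f?p=111:200:2783115048414842:::NO::P200_ID:7\n"
    "Start page: http://server/apex/f?p=111:200\n"
)

if __name__ == "__main__":
    cleaned, leaked = zero_session_ids(SAMPLE)
    print(cleaned)
    print("session ids removed:", sorted(set(leaked)))
```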
Post Details
Locked on Oct 27 2011
Added on Sep 29 2011