To summarize, you can configure security attributes in the following two ways:
• Use a wizard and select a value for specific attribute categories. Those selections are then applied to all pages and items within the application.
• Configure values for individual pages, items, and/or application items.
You can configure session state protection by making use of the wizard. The selections applied in the wizard will be active for all pages within the application. The navigation path to start the wizard is as follows: Navigate to the Session State Protection page, select Set Protection, and select a value for the Select Configure option.
When session state protection is enabled, the page uses the page protection attributes and a checksum added to the URL. Session state protection protects against unauthorized access and URL tampering. In Application Express, the MD5 checksum is used.
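A minimal model of the mechanism just described, added here as an illustration and not taken from the book or from Application Express: the server appends a keyed checksum to each link and rejects any request whose URL no longer matches it. The per-session secret, the `cs` parameter name, the sample URL and the use of HMAC-SHA-256 in place of the MD5 checksum mentioned above are all assumptions of this sketch.

```python
import hashlib
import hmac

CS_PARAM = "&cs="  # assumed name of the checksum parameter in this model

def checksum(url: str, secret: bytes) -> str:
    """Keyed digest over the whole URL, including item names and values."""
    return hmac.new(secret, url.encode("utf-8"), hashlib.sha256).hexdigest()

def protect_url(url: str, secret: bytes) -> str:
    """Server side, when rendering a link: append the checksum."""
    return url + CS_PARAM + checksum(url, secret)

def verify_url(protected: str, secret: bytes) -> tuple[bool, str]:
    """Server side, on request: recompute the checksum and compare."""
    base, sep, supplied = protected.rpartition(CS_PARAM)
    if not sep:
        return False, "missing checksum"
    expected = checksum(base, secret).encode("ascii")
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected, supplied.encode("utf-8")):
        return False, "checksum mismatch"
    return True, "ok"

# Constructed sample values (not taken from the page).
SECRET_A = b"constructed-secret-session-A"
SECRET_B = b"constructed-secret-session-B"
SAMPLE_URL = "f?p=100:7:1234567890::NO::P7_EMPNO:7839"

def demo() -> dict:
    link = protect_url(SAMPLE_URL, SECRET_A)
    tampered = link.replace("P7_EMPNO:7839", "P7_EMPNO:7566")
    return {
        "untouched": verify_url(link, SECRET_A),
        "item value edited": verify_url(tampered, SECRET_A),
        "checksum stripped": verify_url(SAMPLE_URL, SECRET_A),
        "replayed in another session": verify_url(link, SECRET_B),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:30} {result}")
```

Because the secret never leaves the server, a user who edits an item value in the address bar cannot produce a matching checksum, and a link copied into a session with a different secret fails the same check.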
In the following screenshot, you can see the checksum at the end of the URL:
Heads up for Oracle Application Express version 4.x
Certain types of page items on submit produce an error after upgrading to Oracle Application Express 4.1 and higher. The error is as follows:
Session state protection violation: This may be caused by manual alteration of protected page item PX_XX. If you are unsure what caused this error, please contact the application administrator for assistance.
The change of behavior for Display Only page items, where Save Session State = Yes, is an intentional change in Oracle Application Express 4.1.1.
This more restrictive check has been implemented for Display Only page items where Save Session State = Yes, Text Field page items where Disabled = Yes and Save Session State = Yes, and page items where the read-only condition evaluated to TRUE.
It is no longer possible to change the session state for Display Only page items through JavaScript/dynamic actions if the Save Session State flag is set to Yes.