Any Effect for Session State
Vikas Sharma, April 09, 2002 - 1:21 pm UTC
Hi,
I would like to know whether it will depend on the session state. I mean, it works for stateful and stateless sessions of mod_plsql.
I tried it with both and it is the same for both. Kindly let me know your review on whether I should use a stateful or stateless session in this case and in general.
April 09, 2002 - 1:43 pm UTC
See the answer to q2 above. I address that there.
Me, I use only stateless connections in all of my applications. There is no way I want people consuming resources of any sort on my server whilst they are not actually using the server. Any state I need to store for them goes into database tables and you get a session id (that's how asktom works).
A clarification
Vikas Sharma, April 28, 2002 - 2:06 pm UTC
I am sorry for asking for a delayed clarification. Actually I implemented it a little late. The clarification required is:
I have created a procedure create_app_context which creates a context, say orgid = 123. I have also created a policy function which returns orgid as a predicate from the context. The policy function works for all DML and select statements. This procedure is called in all the pages which have DML or a select. The context takes its value from the current cookie. The procedure is:
CREATE OR REPLACE PROCEDURE create_app_context IS
  v_cookie   owa_cookie.cookie;
  v_username VARCHAR2(32);
  v_orgid    NUMBER;
BEGIN
  -- The cookie value has the form <username>_<orgid>
  v_cookie := owa_cookie.get('uname_orgid');
  IF (v_cookie.num_vals > 0) THEN
    -- Text before the first '_' is the username, text after it is the orgid
    v_username := SUBSTR(v_cookie.vals(1),0,(INSTR(v_cookie.vals(1),'_')-1));
    v_orgid := SUBSTR(v_cookie.vals(1),(INSTR(v_cookie.vals(1),'_')+1));
    dbms_session.set_context('hr_cm_app','username',v_username);
    dbms_session.set_context('hr_cm_app','orgid',v_orgid);
  ELSE
    -- No cookie sent: clear both attributes
    dbms_session.set_context('hr_cm_app','username',null);
    dbms_session.set_context('hr_cm_app','orgid',null);
  END IF;
END create_app_context;
/
The test procedure which calls a select statement.
CREATE OR REPLACE PROCEDURE testpolicy is
begin
  create_app_context;
  for i in (select user_id,name,organisation_id from hr_cm_users) loop
    htp.prn(i.user_id||'--'||i.name||'--'||i.organisation_id||'<p>');
  end loop;
exception
  when others then
    htp.prn(sqlerrm);
end;
/
This all works fine. I get the result of the query as per orgid. But I have a doubt, i.e. suppose there are hundreds of users who are using my application: some are executing a procedure which updates a table, some are selecting, some are inserting. At any point in time the value of the orgid in the context is likely to conflict, I mean the result may not be as desired. For example, two users a and b, who have different orgids, execute two procedures: user a updates one row (can update only the rows which belong to his orgid), and user b executes a procedure which selects some rows from the same table (can select only the rows which belong to his orgid). Both execute their procedures at the same time. Then is there some chance of not getting the desired result? Because one policy function will be used for update and select, which uses sys_context('hr_cm_app','orgid') in both cases. The policy function is:
CREATE OR REPLACE PACKAGE BODY hr_cm_security_policyftn AS
  gv_appctx         VARCHAR2(30) default 'HR_CM_APP';
  gv_insupddel_pred VARCHAR2(2000) default NULL;

  FUNCTION policy_hr_cm_users(p_schema IN VARCHAR2, p_object IN VARCHAR2) RETURN VARCHAR2 IS
  BEGIN
    -- orgid 0 or NULL: no restriction; otherwise restrict rows to the orgid in the context
    IF sys_context('HR_CM_APP','orgid') = 0 OR sys_context ('HR_CM_APP','orgid') IS NULL THEN
      gv_insupddel_pred := '1 = 1 ';
    ELSE
      gv_insupddel_pred := ' organisation_id = sys_context('''||gv_appctx||''',''orgid'')';
    END IF;
    RETURN gv_insupddel_pred;
  END policy_hr_cm_users;
END hr_cm_security_policyftn;
/
The table columns are:
hr_cm@ORCL.DEL1>select name,user_id,organisation_id from hr_cm_users;
NAME                                USER_ID ORGANISATION_ID
-------------------------------- ---------- ---------------
vsharma                                1000            5000
asharma                                1001            5001
administrator                             0               0
hello1                                 1002            5000
hello2                                 1003            5001
April 28, 2002 - 3:38 pm UTC
Every session will have its OWN context as you have it defined. The context is local to a SESSION.
Application contexts and FGAC wouldn't work otherwise.
You will get the right answer...
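The "state goes into database tables and you get a session id" approach from the first reply, applied to create_app_context as an added example that is not code from the thread: the cookie carries only an opaque session id, and the username and orgid come from a server-side row. The table hr_cm_sessions, the cookie name hr_cm_sid and the use of -1 as an organisation id that no row has are assumptions; -1 is used because the policy function posted above returns '1 = 1' when orgid is NULL.

```sql
-- Added example. hr_cm_sessions and the cookie hr_cm_sid are hypothetical;
-- the login page is assumed to insert one row per login with a random
-- session_id and to send only that id to the browser.
CREATE TABLE hr_cm_sessions (
  session_id      VARCHAR2(64) PRIMARY KEY,
  username        VARCHAR2(32) NOT NULL,
  organisation_id NUMBER       NOT NULL,
  expires_at      DATE         NOT NULL
);

-- Same name as the procedure in the thread, so the existing context
-- (assumed to be created USING create_app_context) and the policy
-- function keep working unchanged.
CREATE OR REPLACE PROCEDURE create_app_context IS
  v_cookie   owa_cookie.cookie;
  v_username hr_cm_sessions.username%TYPE;
  v_orgid    hr_cm_sessions.organisation_id%TYPE;
BEGIN
  -- Start every request from a value that matches no row (assumption:
  -- no organisation has id -1), so a request without a valid session
  -- never reaches the '1 = 1' branch of the policy function.
  dbms_session.set_context('hr_cm_app', 'username', NULL);
  dbms_session.set_context('hr_cm_app', 'orgid', '-1');

  v_cookie := owa_cookie.get('hr_cm_sid');
  IF v_cookie.num_vals > 0 THEN
    BEGIN
      -- The orgid is read from the server-side row, never from the cookie
      SELECT username, organisation_id
        INTO v_username, v_orgid
        FROM hr_cm_sessions
       WHERE session_id = v_cookie.vals(1)
         AND expires_at > SYSDATE;
      dbms_session.set_context('hr_cm_app', 'username', v_username);
      dbms_session.set_context('hr_cm_app', 'orgid', v_orgid);
    EXCEPTION
      WHEN NO_DATA_FOUND THEN
        NULL;  -- unknown or expired id: keep the -1 set above
    END;
  END IF;
END create_app_context;
/
```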
PSP Logoff
ht, August 29, 2003 - 5:08 pm UTC
Tom,
Can you point me in the right direction regarding writing a PSP logoff page? I'm testing user privileges in my app but it seems that I must relaunch my browser to login as a different user.
Thanks,
ht
Found the answer.
ht, August 29, 2003 - 5:23 pm UTC
I should have rtfm:
Another method of deauthentication is to add /logmeoff after the DAD in the URL, for example:
http://myhost:2000/pls/myDAD/logmeoff
Thanks and have a good weekend.
ht