1 2 Previous Next 16 Replies Latest reply on Oct 16, 2013 12:44 PM by DBPereira

    Session state protection violation

      I have an application in development out on the Oracle Apex site that has been working perfectly, and I haven't touched it in several weeks. The last time I worked with it, everything worked well. Today, a save function that has been working is suddenly returning this in the debug log:

      ......message: Session state protection violation: This may be caused by manual alteration of protected page item 130073351461551152955. If you are unsure what caused this error, please contact the application administrator for assistance.

      The last time I know for sure that it worked, Apex was at version Apex I notice now that it is at I'm pretty sure that upgrade to the new version occurred since the last time I touched the application, but of course I have no idea if that could be a contributing factor or not. I've also changed nothing structural in the data, nor have I manually touched the data prior to seeing the error.

      I've placed a copy of the app in application ID #53036 on the Oracle Apex site. Worspace is mavericksolutions, Login is guest, password is PQ67rs

      Steps to recreate the error:
      * Connect to application 55036 with the login and password as shown above.
      * Run the application
      * Click the Engagements button on the splash screen
      * On the Engagements tab, click Add New Engagement
      * Select a Customer from the dropdown list
      * Select a Course from the dropdown list
      * Click the Create button

      Previously, this action would add an entry to the Engagements table, with the Course_ID and Customer_ID fields filled in properly. Today, I'm getting the error shown above. Unfortunately, I don't know how to figure out what object is referred to as page item 130073351461551152955. And, as far as I can see, not a single page item IS protected.

      I suppose I could start taking things off the page in chunks and see what happens, but there is a LOT of stuff on this page, and a lot of it is interconnected. If someone could take a quick look and see if I'm just missing something obvious, I would sure appreciate it.


      Edited by: Mark T. on Feb 14, 2012 8:24 PM
        • 1. Re: Session state protection violation
          Hi Mark,

          I changed your page 21 a little bit. I hope this is okay.

          Item P21_CUSTOMER_BANNER was defined as a text field, but with a Read Only condition of "always". For all practical purposes, this is really an item of type Display Only with "Save Session State" of "No", which is what I changed it to. The page seems to work now. Can you please check it out?

          Also, I changed the password of the guest account, to avoid the world from logging into your workspace.

          • 2. Re: Session state protection violation
            Joel, that was perfect, sir. Full points given.

            If I may ask... How did you know to look there? And why would it have suddenly become broken?
            • 3. Re: Session state protection violation
              Hi Mark,

              I was able to determine the affected item by the item ID given in the error message (130073351461551152955). That error message will be changed to include the item name instead.

              Also, I know that this is slightly modified behavior in the forthcoming APEX 4.1.1 patch set, which will be documented in the patch set notes.

              1 person found this helpful
              • 4. Re: Session state protection violation
                Joel, thank you again for the detective work.

                For future reference for everyone else, what Joel did was cool, but I didn't know how to do it -- how to find the object associated with that long ID string. Here's how:

                In the SQL Workshop > SQL Commands, execute this query: select item_id, page_id, region, item_name from apex_application_page_items where item_id = '12345678901234567890'

                using the ID string from your error message.
                • 5. Re: Session state protection violation
                  Great !

                  And now what would be the trick if he would have to use value of P21_CUSTOMER_BANNER in his next page ?

                  I am experiencing the issue and can't find any solution.

                  • 6. Re: Session state protection violation

                    Maybe you need to change "Save Session State" to "Yes"?

                    • 7. Re: Session state protection violation
                      Hi jkallman

                      thank you for the answer.
                      Already tried this and get the same kind of session state violation error.

                      • 8. Re: Session state protection violation
                        I have the same problem. Apps falling over everywhere since the 4.1.1 update was applied.

                        2 separate problems, one relating to zero session ID usage, which used to work fine, and also a common thread of display items with session state set to save as reported in this thread. Not sure how often this technique has been used, I have hundreds of pages to check - but it was valid before, and perhaps a query ought to have been made available to run before applying the patch. Or even now would be good.

                        My hosting service have shrugged their shoulders and left me to it. Five days of severely compromised operations from avoidable problems it would seem. Thank you Revion.
                        • 9. Re: Session state protection violation
                          Patrick Wolf-Oracle
                          Hi Chris,

                          to give some additional information. The error message "Session state protection violation: This may be caused by manual alteration of protected page item ..." only occurs if the value of the "Display Only" page item where "Save State" = Yes is being modified with JavaScript. It should not occur for a regular "Display Only" page item which saves state.

                          Can you please provide more information what is not working related to the usage of zero session ID. Might be a good idea to open up a new thread.

                          Regarding the "Session state protection violation" problem, I can offer that I have a look at your application to identify the root cause of the issue. You can send me some instructions and login information to patrick dot wolf at oracle dot com

                          My Blog: http://www.inside-oracle-apex.com
                          APEX Plug-Ins: http://apex.oracle.com/plugins
                          Twitter: http://www.twitter.com/patrickwolf
                          • 10. Re: Session state protection violation
                            Thank you Patrick, I would very much appreciate your input, and I have sent instructions and credentials via email.

                            • 11. Re: Session state protection violation
                              To ensure I am not wasting your time I have isolated several examples of page items which are the subject of the session state protection error and which are not set by javascript functions (although they are referenced in javascript functions). It appears to me that page items defined as display only (or becoming so by condition) are caught up, perhaps inadvertently, by this new approach.

                              Some items in question map to database columns within the scope of a page's standard apex DML routines. These page items need to be saved to the database even if their value is established by page events and processes other than user input. I guess I could set their session state by stealth, and submit them in a report region refresh, although there is no guarantee this would work if you are dynamically generating a minimalist SQL update statement. I think the previous approach - allowing the developer to specify the items to be saved - has a lot to commend it.

                              I recently discovered that my fallback plan to use the "set_compatability_mode" procedure to revert to 4.0 compatibility mode, appears not to resolve this particular problem. Reverting to a server which has not run the 4.1.1 update DID fix the "session state protection" error, but this option is not viable beyond the next few days.

                              • 12. Re: Session state protection violation
                                Since other people might have the same issue, let me add my situation (after the upgrade from 4.0 to

                                We have several hidden items that got this message after the upgrade, and didn't get it before. The problem in this case is the "Value Protected" property. It was set to Yes, which apparently didn't work properly in 4.0. Setting it to No resolved our problem.
                                • 13. Re: Session state protection violation
                                  I have the same problem with fields that are read only and displayed as Text Field. All I had to do to fix the problem is click on the 'Text' item below the Display As field.
                                  • 14. Re: Session state protection violation
                                    I have the same problem with fields that are read only and displayed as Text Field. All I had to do to fix the problem is click on the 'Text' item below the Display As field.<<
                                    That is friggin obscure!! How in the world did you figure that out? And why does it work?

                                    Joel, how are you? I have to admit to not reading the documentation and stumbling into this because it stopped working just like the others. But it sure is comforting to be able to find the answers on the forum. Thanks for the great work you guys always do!


                                    Edited by: sk**** on Sep 6, 2012 4:32 AM
                                    1 2 Previous Next