1 2 Previous Next 16 Replies Latest reply: May 21, 2013 8:16 AM by user11060091 RSS

    session state protection violation

    Gaas
      I have upgraded from APEX 4.1 to 4.2.

      all read only items with dynamic action are arising below error:

      session state protection violation: this may caused by manual alteration of protected item P2_IDACCSET.

      Please any idea about this error?

      Regards
      Farah Sheik
        • 1. Re: session state protection violation
          matthew_morris
          From this thread: Session state protection violation a similar problem was resolved by setting the read-only items to 'Display Only' with the 'Save Session State' set to no. I don't know enough about your app to know if this is feasible for you.
          • 2. Re: session state protection violation
            Gaas
            thanks a lot matthew_morris,

            I have set the read-only items to 'Display Only' with the 'Save Session State' set to no.

            when I set this, no error appears but it's now saving to the database.

            Kindly with this setting how can I save the item data into the database.

            Regards
            • 3. Re: session state protection violation
              matthew_morris
              when I set this, no error appears but it's now saving to the database.
              Kindly with this setting how can I save the item data into the database.
              I'm guessing that you meant 'not' rather than 'now'. The user in the prior thread was not saving the page item values to the DB and so had no need to save the session state. Set the session state to 'Yes' and see if the session state error occurs. If so, we'll work from there.
              • 4. Re: session state protection violation
                Gaas
                some error coming back when I Set the session state to 'Yes'
                • 5. Re: session state protection violation
                  matthew_morris
                  Under the 'Security' region when you edit that item, what is the value of 'Session State Protection'? If it is not 'Unrestricted', then change to that.
                  • 6. Re: session state protection violation
                    Gaas
                    'Session State Protection' is already selected 'Unrestricted', also I have tried all other options in that box no solution, still the problem is there.
                    • 7. Re: session state protection violation
                      orsteve
                      Just upgraded to 4.2 last night and have the same problem. Is there a solution?

                      Need "display only", need "save session state" yes, need to insert/update the value in the field, have LOTS of these throughout the application.

                      Steve
                      • 8. Re: session state protection violation
                        975525
                        Hello there,
                        Any update for this one?

                        I have a "display only" item updated by a dynamic action and I need to save the value.

                        Exemple on apex.oracle.com :

                        http://apex.oracle.com/pls/apex/f?p=47851:LOGIN_DESKTOP
                        Username : test
                        Password : test

                        Click on the customer tab then on "Create Customer".
                        Enter values and submit the form.

                        The email field is updated by a dynamic action ("Display Only" item, Save Session State = yes and SSP = unrestricted)

                        Workspace : LAAPEX421
                        Username : test
                        Password : test

                        Thank you,
                        Lucien
                        • 9. Re: session state protection violation
                          892178
                          Is there any work around for this problem other than creating separate hidden and display items? In some of the apps I am moving from 4.0 to 4.2 there have a lot of display only items on pages (that have values set using javascript - often based on other fields the user fills in) that need to be saved in session state to be used for validations or to be saved in the database. So it would be a pretty big overhaul to have to create (and set) second hidden items everywhere these session state saving, display only items are being used.

                          Edited by: hlgrant on Jan 4, 2013 10:51 AM
                          • 10. Re: session state protection violation
                            Arie Geller
                            Hello,

                            >> Is there any work around for this problem other than creating separate hidden and display items?

                            The behavior described in this thread is the expected one, and it is a result of a tighten security features the APEX engine is forcing now (actually since 4.1.).

                            I believe that the correct solution is to separate between display only items and the ones that are being submitted to the server, which, as I described in the following thread, should not be a regular hidden HTML items (as these can be easily hacked).

                            Re: Workaround for Session state protection error on readonly fields needed

                            Regards,
                            Arie.

                            -------------------------------------------------------
                            ♦ Please remember to mark appropriate posts as correct/helpful. For the long run, it will benefit us all.

                            ♦ Author of Oracle Application Express 3.2 – The Essentials and More
                            • 11. Re: session state protection violation
                              Patrick Wolf-Oracle
                              Hi,

                              a possible easier workaround instead of creating a hidden page item for every single display only page item could be to create a "Display Only Save State" item type plug-in which behaves the same way as < 4.1.0.

                              This would have the advantage that you would only have to change the item type of existing "Display Only" item types to the new plug-in, but you wouldn't have to change any of your JavaScript/Dynamic Action code.

                              Try the following plug-in code to get started with your plug-in.
                              function render_display_only (
                                  p_plugin              in apex_plugin.t_plugin,
                                  p_item                in apex_plugin.t_page_item,
                                  p_value               in varchar2,
                                  p_is_readonly         in boolean,
                                  p_is_printer_friendly in boolean )
                                  return apex_plugin.t_page_item_render_result
                              is
                                  -- Dynamic attribute mapping
                                  l_save_state       boolean         := nvl(p_item.attribute_01, 'N') = 'Y';
                                  l_based_on         varchar2(10)    := nvl(p_item.attribute_02, 'VALUE');
                                  l_plsql_code       varchar2(32767) := p_item.attribute_03;
                                  l_show_line_breaks boolean         := nvl(p_item.attribute_04, 'Y') = 'Y';
                              
                                  l_display_value    varchar2(32767);
                              begin
                                  -- Only if we save state and we are not in print mode we will generate
                                  -- a hidden field with the page item value
                                  if l_save_state and not p_is_printer_friendly then
                                      apex_plugin_util.print_hidden (
                                          p_item_name => p_item.name,
                                          p_value     => p_value );
                                  end if;
                              
                                  case l_based_on
                                    when 'VALUE' then
                                        -- print the display value
                                        -- Note: wwv_flow_hot_http_links isn't supported anymore
                                        apex_plugin_util.print_display_only (
                                            p_item             => p_item,
                                            p_display_value    => p_value,
                                            p_show_line_breaks => l_show_line_breaks,
                                            p_id_postfix       => case when l_save_state then '_DISPLAY' end );
                              
                                    when 'LOV' then
                                        -- get the display value based on the LOV
                                        if p_value is not null then
                                            l_display_value := apex_plugin_util.get_display_data (
                                                                   p_sql_statement      => p_item.lov_definition,
                                                                   p_min_columns        => 2,
                                                                   p_max_columns        => 2,
                                                                   p_component_name     => p_item.name,
                                                                   p_search_string      => p_value,
                                                                   p_display_extra      => p_item.lov_display_extra,
                                                                   p_support_legacy_lov => true );
                                        end if;
                              
                                        -- print the display value
                                        -- Note: wwv_flow_hot_http_links isn't supported anymore
                                        apex_plugin_util.print_display_only (
                                            p_item             => p_item,
                                            p_display_value    => l_display_value,
                                            p_show_line_breaks => l_show_line_breaks,
                                            p_id_postfix       => case when l_save_state then '_DISPLAY' end );
                                  end case;
                                  --
                                  return null;
                                  --
                              end render_display_only;
                              Note: Be cautious if you use the above "Display Only (Always Saves State)" plug-in! There is a reason why we tightened the security for those item types, because they looked read-only but someone could change the hidden field value to save a different value.

                              So if you use the above plug-in you should add additional server side checks/validations to make sure that only valid values are accepted for the current user. In general it might be a better strategy to not set the value with JavaScript and instead set the values with server side code when the page gets submitted.


                              Regards
                              Patrick
                              -----------
                              My Blog: http://www.inside-oracle-apex.com
                              APEX Plug-Ins: http://apex.oracle.com/plugins
                              Twitter: http://www.twitter.com/patrickwolf

                              Edited by: Patrick Wolf on Jan 7, 2013 3:27 PM

                              Edited by: Patrick Wolf on Jan 8, 2013 11:03 AM
                              • 12. Re: session state protection violation
                                mpatzwahl
                                Hi,

                                i never had so much trouble with an upgrade (to 4.2)
                                no problems from 2.0 to 2.1 to 2.2 to 3.0 to 3.1 to 3.2 to 4.0 to 4.1.

                                BUT a lot since 4.2.1 !

                                Sorry, i never worked with Plugings, so what are the right Parameters for the Render Function Name:
                                render_display_only(???,???,'TRUE','FALSE);
                                When i use render_display_only (without Parameters) I get:
                                ORA-06550: Zeile 61, Spalte 51: PLS-00306: Falsche Anzahl oder Typen von Argumenten in Aufruf von 'RENDER_DISPLAY_ONLY' ORA-06550: Zeile 61, Spalte 1: PL/SQL: Statement ignored

                                Thanks
                                Marco

                                Edited by: mpatzwahl on Jan 7, 2013 4:50 AM
                                • 13. Re: session state protection violation
                                  Patrick Wolf-Oracle
                                  Hi,

                                  I have created a plug-in which I can send you if you want. Post your e-mail address or send a mail to my firstname (dot) lastname @ oracle.com

                                  Regards
                                  Patrick
                                  -----------
                                  My Blog: http://www.inside-oracle-apex.com
                                  APEX Plug-Ins: http://apex.oracle.com/plugins
                                  Twitter: http://www.twitter.com/patrickwolf
                                  • 14. Re: session state protection violation
                                    mpatzwahl
                                    Hello Patrick,
                                    thanks, i´ve sent you my email address. In my App i use in the moment this workaround:
                                    Item Type: Text Box: Read Only

                                    Kind regards

                                    Marco

                                    Edited by: mpatzwahl on Jan 7, 2013 5:44 AM
                                    1 2 Previous Next