This discussion is archived
1 2 Previous Next 16 Replies Latest reply: May 21, 2013 6:16 AM by user11060091 RSS

session state protection violation

709545 Newbie
Currently Being Moderated
I have upgraded from APEX 4.1 to 4.2.

all read only items with dynamic action are arising below error:

session state protection violation: this may caused by manual alteration of protected item P2_IDACCSET.

Please any idea about this error?

Regards
Farah Sheik
  • 1. Re: session state protection violation
    matthew_morris Expert
    Currently Being Moderated
    From this thread: Session state protection violation a similar problem was resolved by setting the read-only items to 'Display Only' with the 'Save Session State' set to no. I don't know enough about your app to know if this is feasible for you.
  • 2. Re: session state protection violation
    709545 Newbie
    Currently Being Moderated
    thanks a lot matthew_morris,

    I have set the read-only items to 'Display Only' with the 'Save Session State' set to no.

    when I set this, no error appears but it's now saving to the database.

    Kindly with this setting how can I save the item data into the database.

    Regards
  • 3. Re: session state protection violation
    matthew_morris Expert
    Currently Being Moderated
    when I set this, no error appears but it's now saving to the database.
    Kindly with this setting how can I save the item data into the database.
    I'm guessing that you meant 'not' rather than 'now'. The user in the prior thread was not saving the page item values to the DB and so had no need to save the session state. Set the session state to 'Yes' and see if the session state error occurs. If so, we'll work from there.
  • 4. Re: session state protection violation
    709545 Newbie
    Currently Being Moderated
    some error coming back when I Set the session state to 'Yes'
  • 5. Re: session state protection violation
    matthew_morris Expert
    Currently Being Moderated
    Under the 'Security' region when you edit that item, what is the value of 'Session State Protection'? If it is not 'Unrestricted', then change to that.
  • 6. Re: session state protection violation
    709545 Newbie
    Currently Being Moderated
    'Session State Protection' is already selected 'Unrestricted', also I have tried all other options in that box no solution, still the problem is there.
  • 7. Re: session state protection violation
    orsteve Newbie
    Currently Being Moderated
    Just upgraded to 4.2 last night and have the same problem. Is there a solution?

    Need "display only", need "save session state" yes, need to insert/update the value in the field, have LOTS of these throughout the application.

    Steve
  • 8. Re: session state protection violation
    975525 Newbie
    Currently Being Moderated
    Hello there,
    Any update for this one?

    I have a "display only" item updated by a dynamic action and I need to save the value.

    Exemple on apex.oracle.com :

    http://apex.oracle.com/pls/apex/f?p=47851:LOGIN_DESKTOP
    Username : test
    Password : test

    Click on the customer tab then on "Create Customer".
    Enter values and submit the form.

    The email field is updated by a dynamic action ("Display Only" item, Save Session State = yes and SSP = unrestricted)

    Workspace : LAAPEX421
    Username : test
    Password : test

    Thank you,
    Lucien
  • 9. Re: session state protection violation
    892178 Newbie
    Currently Being Moderated
    Is there any work around for this problem other than creating separate hidden and display items? In some of the apps I am moving from 4.0 to 4.2 there have a lot of display only items on pages (that have values set using javascript - often based on other fields the user fills in) that need to be saved in session state to be used for validations or to be saved in the database. So it would be a pretty big overhaul to have to create (and set) second hidden items everywhere these session state saving, display only items are being used.

    Edited by: hlgrant on Jan 4, 2013 10:51 AM
  • 10. Re: session state protection violation
    Arie Geller Guru
    Currently Being Moderated
    Hello,

    >> Is there any work around for this problem other than creating separate hidden and display items?

    The behavior described in this thread is the expected one, and it is a result of a tighten security features the APEX engine is forcing now (actually since 4.1.).

    I believe that the correct solution is to separate between display only items and the ones that are being submitted to the server, which, as I described in the following thread, should not be a regular hidden HTML items (as these can be easily hacked).

    Re: Workaround for Session state protection error on readonly fields needed

    Regards,
    Arie.

    -------------------------------------------------------
    ♦ Please remember to mark appropriate posts as correct/helpful. For the long run, it will benefit us all.

    ♦ Author of Oracle Application Express 3.2 – The Essentials and More
  • 11. Re: session state protection violation
    Patrick Wolf Employee ACE
    Currently Being Moderated
    Hi,

    a possible easier workaround instead of creating a hidden page item for every single display only page item could be to create a "Display Only Save State" item type plug-in which behaves the same way as < 4.1.0.

    This would have the advantage that you would only have to change the item type of existing "Display Only" item types to the new plug-in, but you wouldn't have to change any of your JavaScript/Dynamic Action code.

    Try the following plug-in code to get started with your plug-in.
    function render_display_only (
        p_plugin              in apex_plugin.t_plugin,
        p_item                in apex_plugin.t_page_item,
        p_value               in varchar2,
        p_is_readonly         in boolean,
        p_is_printer_friendly in boolean )
        return apex_plugin.t_page_item_render_result
    is
        -- Dynamic attribute mapping
        l_save_state       boolean         := nvl(p_item.attribute_01, 'N') = 'Y';
        l_based_on         varchar2(10)    := nvl(p_item.attribute_02, 'VALUE');
        l_plsql_code       varchar2(32767) := p_item.attribute_03;
        l_show_line_breaks boolean         := nvl(p_item.attribute_04, 'Y') = 'Y';
    
        l_display_value    varchar2(32767);
    begin
        -- Only if we save state and we are not in print mode we will generate
        -- a hidden field with the page item value
        if l_save_state and not p_is_printer_friendly then
            apex_plugin_util.print_hidden (
                p_item_name => p_item.name,
                p_value     => p_value );
        end if;
    
        case l_based_on
          when 'VALUE' then
              -- print the display value
              -- Note: wwv_flow_hot_http_links isn't supported anymore
              apex_plugin_util.print_display_only (
                  p_item             => p_item,
                  p_display_value    => p_value,
                  p_show_line_breaks => l_show_line_breaks,
                  p_id_postfix       => case when l_save_state then '_DISPLAY' end );
    
          when 'LOV' then
              -- get the display value based on the LOV
              if p_value is not null then
                  l_display_value := apex_plugin_util.get_display_data (
                                         p_sql_statement      => p_item.lov_definition,
                                         p_min_columns        => 2,
                                         p_max_columns        => 2,
                                         p_component_name     => p_item.name,
                                         p_search_string      => p_value,
                                         p_display_extra      => p_item.lov_display_extra,
                                         p_support_legacy_lov => true );
              end if;
    
              -- print the display value
              -- Note: wwv_flow_hot_http_links isn't supported anymore
              apex_plugin_util.print_display_only (
                  p_item             => p_item,
                  p_display_value    => l_display_value,
                  p_show_line_breaks => l_show_line_breaks,
                  p_id_postfix       => case when l_save_state then '_DISPLAY' end );
        end case;
        --
        return null;
        --
    end render_display_only;
    Note: Be cautious if you use the above "Display Only (Always Saves State)" plug-in! There is a reason why we tightened the security for those item types, because they looked read-only but someone could change the hidden field value to save a different value.

    So if you use the above plug-in you should add additional server side checks/validations to make sure that only valid values are accepted for the current user. In general it might be a better strategy to not set the value with JavaScript and instead set the values with server side code when the page gets submitted.


    Regards
    Patrick
    -----------
    My Blog: http://www.inside-oracle-apex.com
    APEX Plug-Ins: http://apex.oracle.com/plugins
    Twitter: http://www.twitter.com/patrickwolf

    Edited by: Patrick Wolf on Jan 7, 2013 3:27 PM

    Edited by: Patrick Wolf on Jan 8, 2013 11:03 AM
  • 12. Re: session state protection violation
    mpatzwahl Newbie
    Currently Being Moderated
    Hi,

    i never had so much trouble with an upgrade (to 4.2)
    no problems from 2.0 to 2.1 to 2.2 to 3.0 to 3.1 to 3.2 to 4.0 to 4.1.

    BUT a lot since 4.2.1 !

    Sorry, i never worked with Plugings, so what are the right Parameters for the Render Function Name:
    render_display_only(???,???,'TRUE','FALSE);
    When i use render_display_only (without Parameters) I get:
    ORA-06550: Zeile 61, Spalte 51: PLS-00306: Falsche Anzahl oder Typen von Argumenten in Aufruf von 'RENDER_DISPLAY_ONLY' ORA-06550: Zeile 61, Spalte 1: PL/SQL: Statement ignored

    Thanks
    Marco

    Edited by: mpatzwahl on Jan 7, 2013 4:50 AM
  • 13. Re: session state protection violation
    Patrick Wolf Employee ACE
    Currently Being Moderated
    Hi,

    I have created a plug-in which I can send you if you want. Post your e-mail address or send a mail to my firstname (dot) lastname @ oracle.com

    Regards
    Patrick
    -----------
    My Blog: http://www.inside-oracle-apex.com
    APEX Plug-Ins: http://apex.oracle.com/plugins
    Twitter: http://www.twitter.com/patrickwolf
  • 14. Re: session state protection violation
    mpatzwahl Newbie
    Currently Being Moderated
    Hello Patrick,
    thanks, i´ve sent you my email address. In my App i use in the moment this workaround:
    Item Type: Text Box: Read Only

    Kind regards

    Marco

    Edited by: mpatzwahl on Jan 7, 2013 5:44 AM
1 2 Previous Next

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points