1 2 Previous Next 15 Replies Latest reply: Oct 24, 2013 9:13 AM by CaioAndreatta RSS

    APEX Security: Multiple session cookies in one browser

    S-Max
      Hi all,

      I use mozilla firefox as web browser. When I open a new tab and enter the APEX application url I will be redirected to the login page. After successfully login I receive the session id and the browser the session cookie WWV_CUSTOM-F....

      When I now open the next browser tab and enter the APEX application url I will be redirected to the login page. After successfully login I receive the new session id and the browser the session cookie WWV_CUSTOM-F... with new content. My session from the first browser tab will be killed, because the session cookie for this session was deleted/replaced by the session cookie from the second tab.

      Is it possible to have multiple APEX sessions opened in one browser in multiple tabs?

      Regards
        • 1. Re: APEX Security: Multiple session cookies in one browser
          Scott
          Yes - but there's a catch.

          You'll have to refer to the server as a different name for each session.

          So, right off the bat, you should be able to have Tab 1 open to servername.com and Tab 2 open to 1.2.3.4 (server's IP address). APEX will keep those two sessions isolated, as the cookie names will be different.

          If you need more than two, then you can edit your local hosts file and create as many aliases as you like. For instance, I have an alias "vm" that is mapped to the IP of my virtual machine; thus, I can access it by typing in just "vm" into the URL.

          Thanks,

          - Scott -

          http://spendolini.blogspot.com
          http://www.sumneva.com
          • 2. Re: APEX Security: Multiple session cookies in one browser
            S-Max
            Thank you, Scott!
            • 3. Re: APEX Security: Multiple session cookies in one browser
              its_working-Oracle
              Apex 4.0.x.x.x was working ok with multiple tabs, after upgrade to 4.1.0.00.32 it's not. Could dev team bring it back?
              • 4. Re: APEX Security: Multiple session cookies in one browser
                joelkallman-Oracle
                Dear "its_working",

                +>> Apex 4.0.x.x.x was working ok with multiple tabs, after upgrade to 4.1.0.00.32 it's not.+

                Can you please explain what you may by "was working okay with multiple tabs", and "it's not". How does one reproduce the issue you're citing?

                Thanks.

                Joel
                • 5. Re: APEX Security: Multiple session cookies in one browser
                  andres3
                  Hi

                  This is an old story ...

                  To define several hosts - this is not the solution today.
                  Is this problem solved ? Is it possible to manage several sessions in one browser ?

                  For our clients - it is very important to have open many windows: for different clients, for different products, for different bills, ...
                  All these windows must have different apex session ID-s (as there are different clients, there are different products).

                  We still used Apex 3 (in old version this is OK). Now we are moving to 4.1 (problem starts here).
                  But - this is a serious problem - we have to solve before.

                  What is the workground TODAY ?

                  Best
                  Andres L.
                  Estonia

                  Edited by: andres3 on Jan 5, 2013 12:17 AM
                  • 6. Re: APEX Security: Multiple session cookies in one browser
                    Gianluigi Trento
                    Hi Andres,
                    have you found a workaround?
                    This is a big problem for us, too.

                    I think that Oracle developers do not understand that this is a problem for the use of Apex.
                    It 's normal that a user open 2, 3, 4, ... times the same program. With Apex > 4.0 this is not longer possible.
                    The customer gets angry and does not want more Apex, Oracle Database, etc. ..
                    He wants software that allows him to work.

                    If you are using Apex 3.2 see our tool to use Apex as RIA http://www.betasoftware.it/blog/2011/09/apex-come-applicazione-desktop-apex-as-desktop-application/.
                    For Apex 4.1 problem see http://www.betasoftware.it/blog/2011/10/bsapex-e-apex-4-1-bsapex-and-apex-4-1/ .

                    Regards,
                    Gianluigi
                    • 7. Re: APEX Security: Multiple session cookies in one browser
                      Martijnke
                      Hi all,


                      we too are facing the same problem
                      any workarounds ?
                      • 8. Re: APEX Security: Multiple session cookies in one browser
                        wbfergus-1
                        One way would be in the authentication section, to specify some sort of unique identifier as part of the cookie name.

                        An easier alternative that I use, is I simply have IE, Firefox and Chrome installed, so each browser gets it's own cookie. It also helps me to see the differences with each browser, so making adjustments before I make an application 'production' is easier before the users start to complain.

                        Bill Ferguson
                        • 9. Re: APEX Security: Multiple session cookies in one browser
                          Kenny Hanberg
                          Hi all,

                          The brilliant feature you want to get rid off is session sharing.
                          All developers have this kind of problem, so they naturally create a way to turn them off.

                          And when using ie you have two command line switches..
                          iexplore.exe -noframemerging
                          iexplore.exe -nomerge
                          http://msdn.microsoft.com/en-us/library/ee330728%28VS.85%29.aspx

                          I'm sure that Firefox and Chrome have a simelar set of switches/hidden settings...
                          or just use private browsing...

                          /kenny

                          Edited by: Kenny Hanberg on Jan 24, 2013 10:01 AM
                          • 10. Re: APEX Security: Multiple session cookies in one browser
                            andres3
                            Hi friends

                            We have solved this problem.

                            We can work with different apex sessions in one browser (many tabs, many windows, many sessions). It is possible now. We have many different solutions.

                            1) rewrite request headers in Oracle listener (we wrote a program changing session string in header)

                            2) change cookies (active window assigns the right cookie for host - corresponding the session in URI) in browser.

                            To do this is not technically very easy - but it is possible using ajax. It works.


                            NB! I hope that Apex team is changing a mind - and removing this big restriction. We hope to discuss this problem with Apex team at ODTUG Kscope 13.

                            For us was only two ways - we must use many sessions in Apex or not to use Apex at all. Many sessions was a business requirement.

                            Best
                            Andres
                            • 11. Re: APEX Security: Multiple session cookies in one browser
                              Gianluigi Trento
                              Hi all,
                              we have also solved this problem.
                              Our tool bsApex now works with Apex 4.1 and 4.2, no more session problems.
                              See http://www.betasoftware.it/blog/2013/03/bsapex-2-0/ and try it.

                              Bye,

                              Gianluigi
                              • 12. Re: APEX Security: Multiple session cookies in one browser
                                PPlatt
                                Could you please give us some more information on how to set it up and install it please. I can't read Italian unfortunately.
                                All we get in the readme file is:

                                bsApex v. 2.0
                                =====================================
                                http://www.betasoftware.it/blog/code
                                Copyright (c) 2013, Beta Software snc
                                =====================================
                                For configuration see bsApex.exe.config
                                "Microsoft .NET Framework 4 Client Profile" is required.
                                Thanks to Mrojas for Extended WebBrowser class
                                http://blogs.artinsoft.net/Mrojas/archive/2008/09/18/Extended-WebBrowser-Control-SeriesNewWindow2-Events-in-the-C-WebBrowserControl.aspx


                                regards
                                PaulP
                                • 13. Re: APEX Security: Multiple session cookies in one browser
                                  Gianluigi Trento
                                  Hi PaulP,
                                  it's simple.
                                  Unzip bsApex2 http://www.betasoftware.it/codice/bsApex2.zip
                                  If not installed, install Microsoft .NET Framework 4 Client Profile.
                                  Configure bsApex.exe.config
                                  <?xml version="1.0" encoding="utf-8" ?>
                                  <configuration>
                                    <appSettings>
                                      <!-- Application Title -->
                                      <add key="aTitolo" value="Apex Desktop by Beta Software snc" />
                                      <!-- Short application title -->
                                      <add key="aTitoloBreve" value="Apex Desktop" />
                                      <!-- Window height -->    
                                      <add key="aAltezza" value="960" />
                                      <!-- Window width-->
                                      <add key="aLarghezza" value="1200" />
                                      <!-- Close botton text -->
                                      <add key="aChiudi" value="Close" />
                                      <!-- Print botton text -->
                                      <add key="aStampa" value="Print" />
                                      <!-- Application icon-->
                                      <add key="aIcona" value="bsApex.ico" />
                                      <!-- Client -->
                                      <add key="aCliente" value="Apex Community" />
                                      <!-- Application address -->
                                      <add key="aIndirizzo" value="http://apex.oracle.com/pls/otn/f?p=23873:1" />
                                    </appSettings>
                                  </configuration>
                                  Run bsApex.exe, that's all.

                                  Regards,
                                  Gianluigi
                                  • 14. Re: APEX Security: Multiple session cookies in one browser
                                    Evandro

                                    Hi 31818, can you explain detailed this workaround with cookie?

                                    1 2 Previous Next