This content has been marked as final. Show 8 replies
Forms 11g comes with http server Apache version 2+ As of Apache version 2 there (out of the box) are no more process based http sessions but now are threaded. To put it simply there is kind of connection pool, meaning the http session are shared across multiple forms sessions.
So I don't think there is a way to get http session. Although there was a way to get it, it could be different every time you make a request.
I think we can probably help better if we understood why you would want to get any session information from the context of the application (form). Because Forms is stateful, any attempt to alter any session information likely will cause the application to terminate.
Well we want to add some security verification over our applications, but about your answer i don't know if i'm correct, is forms's session the same as http session ?? i have seen that forms has jsessionid so i think there is also a http session, so i want to know if i could get access to these session variables. :)
Well we want to add some security verification over our applicationsWhy not use SSL instead some homegrown mechanism which is prone to have flaws?
don't know if i'm correct, is forms's session the same as http session ??it is not.
i have seen that forms has jsessionid so i think there is also a http session, so i want to know if i could get access to these session variablesThe traffic between the forms applet and the forms servlet is encrypted. You could of course turn on wireshark, trace the whole traffic between the forms applet and the forms servlet and try to break the encryption. But if I were you and would have concerns that someone tries to decrypt your traffic simply use SSL.
btw. where is your database server located? Is it in the same subnet as your clients? Are you using SSL encryption between the Application Server and the Database Server? If not then I'd say the connection between the forms servlet and the forms applet are the least of your problems, as I'd simply register myself as a TNS Listener to the database and would sniff at least 50% of your SQL*Net traffic real time:
Just to be clear, Forms traffic is not encrypted. It is obfuscated. These are not the same. If you want encryption you must enable SSL.
Oops, mixed that up. Thanks for clarifying ;)
Hi, thanks for your time, I know I could use ssl but the reason why I need to get sessions variables is a customer requirement since he wants to perform some extra validations, so is there any way to get http session information, variables etc.