I have a simple APEX login form which is placed on a <DIV> on a standard HTML page - see below:
<form id="wwvFlowForm" name="wwv_flow" method="post" action="https://[url_to_apex]/wwv_flow.accept">
<input id="pFlowId" type="hidden" value="[apex_app_alias]" name="p_flow_id">
<input id="pFlowStepId" type="hidden" value="101" name="p_flow_step_id">
<input type="hidden" id="pRequest" value="" name="p_request">
<label tabindex="999" for="P101_USERNAME">Membership ID / User ID:</label>
<input type="hidden" value="482427095063131055" name="p_arg_names">
<input type="text" maxlength="100" size="20" value="" name="p_t01" id="P101_USERNAME">
<label tabindex="999" for="P101_PASSWORD">Password:</label>
<input type="hidden" value="482427195412131063" name="p_arg_names">
<input type="password" id="P101_PASSWORD" value="" maxlength="100" size="20" name="p_t02">
<button type="submit" class="button">Submit</button>
In APEX 3.x, I could login on this HTML page and I would be successfully logged in and redirected to another APEX page e.g. page 300.
Bascially, this HTML page simulated what the standard page 101 did. Since upgrading to APEX 4.2 this does not work anymore and I am getting the following error:
"Error Page protection violation: This may be caused by submitting a page that had not yet finished loading or by manual alteration of protected page items. For further assistance, please contact the application administrator.
Contact your application administrator."
Session state protection is not enabled and the items P101_USERNAME and P101_PASSWORD are not protected (item security Session State Protection = Unrestricted).
Any ideas anyone?
in 4.1.1, we added a hidden item p_page_checksum, for security reasons. This item contains a session dependent checksum over the items that should be submitted. Since your custom form does not contain the checksum item, the submit request causes this error. The checksum value not be computed from outside, either. That's probably bad news for you, but this option of an external, custom login form does not work anymore, sorry.
Given the changes that Christian describes, if you can't redesign this part of your application, I think your next approach is to use an iframe to include the login form on the page.
This will allow you to include page 101 (or any page number) to be your login section. It can look exactly as your current solution, but the iframe will allow that page to submit on it's own without affecting the existing page.
The challenge then becomes escaping the iframe. One way to do this is by setting the window.location.href, but there are other ways.
This thread will give you some ideas Problem closing Skillbuilders modal page when using Login page 101
Christian, many thanks for all your response and as I suspected this "feature" was locked down in APEX 4.x.
Jorge/Tom, very interesting ideas to take away with me so...thank you.
Just to give more information on this, the reason this redirect was done in the first place was because the host site was third party and we had very little influence over how this feature was implemented. Apart from providing the APEX login form code there was little more we could do and there was no need to come up with a "clever" alternative.
Anyway, thanks again to all,