This discussion is archived
9 Replies Latest reply: Aug 21, 2008 6:12 PM by 60437 RSS

Post Authentication Process firing point

dmcghan Oracle ACE
Currently Being Moderated
Hello,

I was wondering what the exact firing point of the Post Authentication Process is. Does if fire just after the authentication function returns TRUE.

Regards,
Dan

http://danielmcghan.us/
http://sourceforge.net/projects/tapigen/
  • 1. Re: Post Authentication Process firing point
    dmcghan Oracle ACE
    Currently Being Moderated
    All,

    Follow up question...

    What is the difference to adding code in the Post Authentication Process and just after the login process on the login page?

    Regards,
    Dan

    http://danielmcghan.us/
    http://sourceforge.net/projects/tapigen/
  • 2. Re: Post Authentication Process firing point
    60437 Employee ACE
    Currently Being Moderated
    Dan,

    Yes, it fires right after the authentication function returns true.

    Sometimes there is no login page so you need the authentication scheme to contain all the actions. For example, with SSO or NTLM-type page sentry authentication. Also, processes on the login page that do run after the login process run the risk that (a) the redirect that takes place from within the login process might conflict timing-wise with code executed in the processes that follow the login process on the page, and (b) the session ID might change during the execution of the login process, so actions that take place in processes on the login page after the login process might not be effective if they act on session state using the original session ID.

    Scott
  • 3. Re: Post Authentication Process firing point
    dmcghan Oracle ACE
    Currently Being Moderated
    Scott,

    Thank you for your very informative answer!

    About "b", are you saying that code that executes in the Post Authentication Process still has access to the original session ID?

    Also, if the session ID were to change during the login process and a page process followed that login process, wouldn't that page process be working with the new session ID/state? How would they use the original session ID?

    Regards,
    Dan
  • 4. Re: Post Authentication Process firing point
    60437 Employee ACE
    Currently Being Moderated
    Dan,

    The Post Authentication Process will run using the new session ID if it has changed or the old session ID if it has not.

    Your point about processes after the login process using the new/old session ID/state is correct. They too would use whatever the current session ID is. What can happen though is that the login process redirects to the after-login page and that HTTP request gets acted on immediately, i.e., the request goes to the HTTP server/modplsql and a new page request is started in a new database session at once. This page request will use whatever session state exists at the moment. In the meantime, the process or processes after the login process on the login page in the original request get executed. If these alter session state, that state may or may not be available at the instant it is accessed by the new after-login page request.

    So it's safest to keep things sequential/synchronous by using the Post Authentication Process.

    Scott
  • 5. Re: Post Authentication Process firing point
    dmcghan Oracle ACE
    Currently Being Moderated
    Scott,

    Understood, thanks again.

    Regards,
    Dan

    http://danielmcghan.us/
    http://sourceforge.net/projects/tapigen/
  • 6. Re: Post Authentication Process firing point
    60437 Employee ACE
    Currently Being Moderated
    Dan,

    This is a bizarre coincidence but just today an alert forum member described a problem that indicated that the processes on the main Application Express login page were not performing their supposed functions. Looking at the source of an after submit process on the login page, one that runs after the login process, we see:
    declare
      l_last_agent varchar2(4000) := owa_util.get_cgi_env('HTTP_USER_AGENT');
      l_last_ip    varchar2(4000) := owa_util.get_cgi_env('REMOTE_ADDR');
      l_user       varchar2(255) := v('USER');
      l_sgid       number;
    begin
    for c1 in (select PROVISIONING_COMPANY_ID
               from WWV_FLOW_COMPANIES
               where SHORT_NAME = upper(:F4550_P1_COMPANY)) loop
       l_sgid := c1.PROVISIONING_COMPANY_ID;
    update wwv_flow_fnd_user
       set last_login = sysdate,
           BUILDER_LOGIN_COUNT = nvl(BUILDER_LOGIN_COUNT,0) + 1,
           last_agent = l_last_agent,
           last_ip    = l_last_ip
    where  USER_NAME = l_user and
           SECURITY_GROUP_ID = l_sgid;
    end loop;
    exception when others then null;
    end;
    That line:

    where SHORT_NAME = upper(:F4550_P1_COMPANY)) loop

    ...ought to match SHORT_NAME with the page item where you type in the workspace name on the login page. But it doesn't. Why not? Because by the time the previous process finished it had assigned a new session ID and had redirected the user's browser to the Application Express home page. When the above process accessed the value of F4550_P1_COMPANY, it did so using the session state of the new session, which was empty.

    Scott
  • 7. Re: Post Authentication Process firing point
    dmcghan Oracle ACE
    Currently Being Moderated
    Scott,

    I love "WHEN OTHERS THEN NULL;"!

    What thread was it?

    Regards,
    Dan
  • 9. Re: Post Authentication Process firing point
    dmcghan Oracle ACE
    Currently Being Moderated
    Scott,

    Oh wow! I see... Happens to the best of us ;)

    Regards,
    Dan