Discussions
Categories
- 385K All Categories
- 2.6K Data
- 582 Big Data Appliance
- 2K Data Science
- 452.1K Databases
- 222.3K General Database Discussions
- 3.8K Java and JavaScript in the Database
- 32 Multilingual Engine
- 575 MySQL Community Space
- 479 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3.1K ORDS, SODA & JSON in the Database
- 575 SQLcl
- 4K SQL Developer Data Modeler
- 187.7K SQL & PL/SQL
- 21.5K SQL Developer
- 12 Data Integration
- 12 GoldenGate
- 297.7K Development
- 3 Application Development
- 18 Developer Projects
- 140 Programming Languages
- 294.3K Development Tools
- 118 DevOps
- 3.1K QA/Testing
- 646.4K Java
- 30 Java Learning Subscription
- 37K Database Connectivity
- 185 Java Community Process
- 107 Java 25
- 22.2K Java APIs
- 138.3K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 21 Java Essentials
- 172 Java 8 Questions
- 86K Java Programming
- 82 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.3K Java SE
- 13.8K Java Security
- 206 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 583 LiveLabs
- 41 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.6K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 191 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 240 Portuguese
APEX 3.2: Session Timeout URL & Substitution Items
Duncs
Member Posts: 507 Bronze Badge
This is one for the APEX guys.
Are there any plans to extend the number of substitution items supported in the "Session Timeout URL" or "Idle Timeout URL"
The documentation states that:
"Only three substitution items are supported in this URL: &APP_SESSION., &SESSION., and &APP_ID., although because of the particular purpose of this URL it is not necessary to include either &APP_SESSION. or &SESSION. in the link."
The one I am most interested in would be the addition of the "LOGOUT_URL" defined in your application authentication scheme.
I can see many people wanting to implement Session Timeout and once the session has expired, log them out of the application.
If the LOGOUT_URL substitution item was supported, it would make this task very simple indeed and not have to worry about changing the Session Timeout URL should your Logout URL ever change (as ours recently did when we moved from 10.1.2 OIM to 10.1.4 OIM)
I hope this can be implemented in a future release.
Regards
Duncan
Are there any plans to extend the number of substitution items supported in the "Session Timeout URL" or "Idle Timeout URL"
The documentation states that:
"Only three substitution items are supported in this URL: &APP_SESSION., &SESSION., and &APP_ID., although because of the particular purpose of this URL it is not necessary to include either &APP_SESSION. or &SESSION. in the link."
The one I am most interested in would be the addition of the "LOGOUT_URL" defined in your application authentication scheme.
I can see many people wanting to implement Session Timeout and once the session has expired, log them out of the application.
If the LOGOUT_URL substitution item was supported, it would make this task very simple indeed and not have to worry about changing the Session Timeout URL should your Logout URL ever change (as ours recently did when we moved from 10.1.2 OIM to 10.1.4 OIM)
I hope this can be implemented in a future release.
Regards
Duncan
Answers
-
Duncan,
When the session expires or times out, it gets deleted, so is the logout URL still important?
Scott -
As far as APEX is concerned I guess not but what about your SSO cookie? That is still active I assume when you are using SSO as your authentication scheme?
If that is the case and your re-direct went to your apex homepage, you will get a new APEX session ID and cookie but you will use the currently active SSO session and hence not promted to re-login.
Regards
Duncan -
Duncan - I'd suggest having the timeout URL go to a page that redirects to the logout URL in such a way that a notification page is the last thing the user sees, e.g., "you've been logged out because you exceeded the maximum allowable session idle time, click "here" to login again".
Scott -
Got your suggestion working now using a redirect and a call to the logout URL.
Thanks for the suggestion.
Regards
Duncan -
Where can I find more info on session timeouts? I'm interested in particular in timing out a session that's been idle for a certain amount of time and logging them out totally.
Nevermind, I realized how stupid that question was after I submitted it. Where's the "Retract Dumb Question" button in the forums??
Edited by: PktAces on Jun 16, 2009 12:19 PM -
I do have a question about this now though. I tried implementing as outlined in the link at the top but I'm getting an error on the timeout page with a stop sign. It says
Access denied by Application security check
When I click OK hyper link it takes me to the application dev page. Does this work if your using an access control page and the application authorization scheme is set to "access control - view"? -
I'd have to see this scenario recreated on apex.oracle.com to give specific answers. Could be a quirk that comes into play only when you are sharing a session between the dev and runtime environments.
Scott -
I'll try to export and import my app into apex.oracle.com and get you access to it. Thanks.
-
Hi Scott,
I finally got the app transferred.
http://apex.oracle.com/pls/otn/f?p=31127:1
tstadmin:tstadmin is an account you can use. The timeout just doesn't seem to work correctly. It does timeout, but it goes to the login screen instead of the timeout page, then when you login the timeout screen comes up.
I'll send the workspace login info to you if you have an email address I can use.
Thanks,
Ben -
Ben,
Your timeout pages need to be public, otherwise the user would be required to authenticate since there will be a new session when they are requested.
Scott
This discussion has been closed.