1 Reply Latest reply: Nov 26, 2012 6:53 AM by Christian Neumueller-Oracle

    Apex 4.2. Page Sentry

    PJ
      Hello all

      This may be a long post. But to summarise: I had been using Apex 3 a few years ago, and all was great. I had been using custom authorisation, but I just can't seem to get it to work now. This is really driving me crazy. Apex is supposed to be easy (which it is most of the time), but you would need to be some kind of genius to figure out what is happening with the SESSION ID.

      My question: Why is the page sentry function losing the SESSION state on the first call, after successful authentication?

      Apex 4.2.0.00.27
      Oracle Express 11.2

      I have created a standard login page. I am using a custom authentication scheme called TEST_AUTH (to highlight my issue). My log file shows the following on successful login:

      Notice that the session id seems to be gone at the first call of the page sentry function. But on subsequent calls it is ok. (Though a different SESSION ID)

      I would really appreciate some help here, as it has taken me 3 days to build a tactical app I need and another 4 days trying to sort out this problem.

      Thank you all
      p
      14.02.45.590     Entry Point      Entry Point              D   APEX-1 Login process: Using session ID 5103355297827
      14.02.45.593     TEST_AUTH        PRE_AUTHENTICATION       I   Begin - 1
      14.02.45.594     TEST_AUTH        PRE_AUTHENTICATION       D   Session is VALID ...
      14.02.45.594     TEST_AUTH        PRE_AUTHENTICATION       D   Session ID: 5103355297827
      14.02.45.594     TEST_AUTH        PRE_AUTHENTICATION       D   Cookie Session ID: 5103355297827
      14.02.45.595     TEST_AUTH        PRE_AUTHENTICATION       I   End - 1
      14.02.45.596     TEST_AUTH        AUTHENTICATE             I   Begin - 1
      14.02.45.597     TEST_AUTH        AUTHENTICATE             D   Session is VALID ...
      14.02.45.597     TEST_AUTH        AUTHENTICATE             D   Session ID: 5103355297827
      14.02.45.598     TEST_AUTH        AUTHENTICATE             D   Cookie Session ID: 5103355297827
      14.02.45.598     TEST_AUTH        AUTHENTICATE             D   Username is: USER
      14.02.45.598     TEST_AUTH        AUTHENTICATE             D   Password is: password
      14.02.45.598     TEST_AUTH        AUTHENTICATE             D   User and password valid.  Authenticated
      14.02.45.598     TEST_AUTH        AUTHENTICATE             I   End - 1
      14.02.45.600     TEST_AUTH        POST_AUTHENTICATION      I   Begin - 1
      14.02.45.600     TEST_AUTH        POST_AUTHENTICATION      D   User is authenticated.
      14.02.45.601     TEST_AUTH        POST_AUTHENTICATION      D   Session is VALID ...
      14.02.45.601     TEST_AUTH        POST_AUTHENTICATION      D   Session ID: 5103355297827
      14.02.45.602     TEST_AUTH        POST_AUTHENTICATION      D   Cookie Session ID: 5103355297827
      14.02.45.602     TEST_AUTH        POST_AUTHENTICATION      D   User is authenticated.
      14.02.45.602     TEST_AUTH        POST_AUTHENTICATION      D   User is: USER
      14.02.45.602     TEST_AUTH        POST_AUTHENTICATION      D   Define user user session with session id 5103355297827
      14.02.45.603     TEST_AUTH        POST_AUTHENTICATION      I   End - 1
      14.02.45.606     Entry Point      Entry Point              D   APEX-3 : Using session ID 5103355297827
      14.02.45.672     TEST_AUTH        PAGE_SENTRY              I   Begin - 1
      14.02.45.672     TEST_AUTH        PAGE_SENTRY              D   Current page is 1
      14.02.45.673     TEST_AUTH        PAGE_SENTRY              D   Cookie name: TEST_AUTH
      14.02.45.673     TEST_AUTH        PAGE_SENTRY              D   Cookie path:
      14.02.45.673     TEST_AUTH        PAGE_SENTRY              D   Cookie domain:
      14.02.45.674     TEST_AUTH        PAGE_SENTRY              D   login_username_cookie is: 501372C35C93CB5F529252AB917E929C
      14.02.45.674     TEST_AUTH        PAGE_SENTRY              D   Session ID does NOT exist
      14.02.45.674     TEST_AUTH        PAGE_SENTRY              D   Session ID:
      14.02.45.675     TEST_AUTH        PAGE_SENTRY              D   Cookie Session ID:
      14.02.45.696     TEST_AUTH        PAGE_SENTRY              D   Session ID by v:
      14.02.45.696     TEST_AUTH        PAGE_SENTRY              D   Session is NOT VALID?
      14.02.45.696     TEST_AUTH        PAGE_SENTRY              D   User is authenticated.
      14.02.45.697     TEST_AUTH        PAGE_SENTRY              D   User:
      14.02.45.697     TEST_AUTH        PAGE_SENTRY              I   End - 1
      14.02.45.757     TEST_AUTH        PAGE_SENTRY              I   Begin - 1
      14.02.45.758     TEST_AUTH        PAGE_SENTRY              D   Current page is 1
      14.02.45.758     TEST_AUTH        PAGE_SENTRY              D   Cookie name: TEST_AUTH
      14.02.46.015     TEST_AUTH        PAGE_SENTRY              D   Cookie path:
      14.02.46.015     TEST_AUTH        PAGE_SENTRY              D   Cookie domain:
      14.02.46.015     TEST_AUTH        PAGE_SENTRY              D   login_username_cookie is: 3034373485D9554BCE12D4BD04890F70
      14.02.46.015     TEST_AUTH        PAGE_SENTRY              D   Session ID Exists!
      14.02.46.016     TEST_AUTH        PAGE_SENTRY              D   Session ID: 7046485375930
      14.02.46.016     TEST_AUTH        PAGE_SENTRY              D   Cookie Session ID: 7046485375930
      14.02.46.016     TEST_AUTH        PAGE_SENTRY              D   Session ID by v: 7046485375930
      14.02.46.016     TEST_AUTH        PAGE_SENTRY              D   Session is VALID?
      14.02.46.017     TEST_AUTH        PAGE_SENTRY              D   User is NOT authenticated.
      14.02.46.017     TEST_AUTH        PAGE_SENTRY              D   User: nobody
      14.02.46.017     TEST_AUTH        PAGE_SENTRY              I   End - 1
      14.02.46.291     Entry Point      Entry Point              D   PAGE 1: Not authenticated
      
      53 rows selected.

      And now, when moving to another page:
      14.03.30.997     TEST_AUTH        PAGE_SENTRY              I   Begin - 1
      14.03.30.997     TEST_AUTH        PAGE_SENTRY              D   Current page is 1
      14.03.30.998     TEST_AUTH        PAGE_SENTRY              D   Cookie name: TEST_AUTH
      14.03.30.998     TEST_AUTH        PAGE_SENTRY              D   Cookie path:
      14.03.30.999     TEST_AUTH        PAGE_SENTRY              D   Cookie domain:
      14.03.30.999     TEST_AUTH        PAGE_SENTRY              D   login_username_cookie is: 3034373485D9554BCE12D4BD04890F70
      14.03.31.000     TEST_AUTH        PAGE_SENTRY              D   Session ID Exists!
      14.03.31.000     TEST_AUTH        PAGE_SENTRY              D   Session ID: 7046485375930
      14.03.31.000     TEST_AUTH        PAGE_SENTRY              D   Cookie Session ID: 7046485375930
      14.03.31.000     TEST_AUTH        PAGE_SENTRY              D   Session ID by v: 7046485375930
      14.03.31.001     TEST_AUTH        PAGE_SENTRY              D   Session is VALID?
      14.03.31.001     TEST_AUTH        PAGE_SENTRY              D   User is NOT authenticated.
      14.03.31.001     TEST_AUTH        PAGE_SENTRY              D   User: nobody
      14.03.31.002     TEST_AUTH        PAGE_SENTRY              I   End - 1
      14.03.31.050     TEST_AUTH        PAGE_SENTRY              I   Begin - 1
      14.03.31.051     TEST_AUTH        PAGE_SENTRY              D   Current page is 10
      14.03.31.051     TEST_AUTH        PAGE_SENTRY              D   Cookie name: TEST_AUTH
      14.03.31.052     TEST_AUTH        PAGE_SENTRY              D   Cookie path:
      14.03.31.052     TEST_AUTH        PAGE_SENTRY              D   Cookie domain:
      14.03.31.069     TEST_AUTH        PAGE_SENTRY              D   login_username_cookie is: 3034373485D9554BCE12D4BD04890F70
      14.03.31.069     TEST_AUTH        PAGE_SENTRY              D   Session ID Exists!
      14.03.31.069     TEST_AUTH        PAGE_SENTRY              D   Session ID: 7046485375930
      14.03.31.070     TEST_AUTH        PAGE_SENTRY              D   Cookie Session ID: 7046485375930
      14.03.31.070     TEST_AUTH        PAGE_SENTRY              D   Session ID by v: 7046485375930
      14.03.31.071     TEST_AUTH        PAGE_SENTRY              D   Session is VALID?
      14.03.31.071     TEST_AUTH        PAGE_SENTRY              D   User is NOT authenticated.
      14.03.31.072     TEST_AUTH        PAGE_SENTRY              D   User: nobody
      14.03.31.072     TEST_AUTH        PAGE_SENTRY              I   End - 1

      Here is the code from the test auth scheme:

      create or replace package TEST_AUTH as
      
        procedure PRE_AUTHENTICATION;
      
        function  AUTHENTICATE (p_username in  varchar2,
                                p_password in  varchar2) 
        return boolean;
      
        procedure POST_AUTHENTICATION;
      
        function PAGE_SENTRY (p_apex_user in varchar2 default 'APEX_PUBLIC_USER')
        return boolean;
      
        procedure LOGOUT;
      
      end test_auth;
      /
      sho err
      
      create or replace package body TEST_AUTH as
      -- Simple package to test what is happening to SESSION ID
      -- in APEX 4.2
      -- For some reason it seems to get reset on post-authentications
      
        C_THIS_PACKAGE   CONSTANT  varchar2(30) := 'TEST_AUTH';
      
        procedure PRE_AUTHENTICATION is
          l_session_id         number;
          l_username           varchar2(30);
        begin
          PLJ_LG.PUSH(C_THIS_PACKAGE, 'PRE_AUTHENTICATION');
          -- Do I have a session
          if APEX_CUSTOM_AUTH.IS_SESSION_VALID then
            PLJ_LG.D('Session is VALID ...');
            l_session_id   := APEX_CUSTOM_AUTH.GET_SESSION_ID;  
            PLJ_LG.D('Session ID: '||l_session_id);
            l_session_id   := APEX_CUSTOM_AUTH.GET_SESSION_ID_FROM_COOKIE;  
            PLJ_LG.D('Cookie Session ID: '||l_session_id);
          else
            PLJ_LG.D('Session is NOT VALID?');
          end if;
          PLJ_LG.POP;
        end PRE_AUTHENTICATION;
      
        function  AUTHENTICATE (p_username in  varchar2,
                                p_password in  varchar2) 
          return boolean is
      
          l_session_id         number;
                               
        begin
          PLJ_LG.PUSH (C_THIS_PACKAGE, 'AUTHENTICATE');
      
          -- Do I have a session
          if APEX_CUSTOM_AUTH.IS_SESSION_VALID then
            PLJ_LG.D('Session is VALID ...');
            l_session_id   := APEX_CUSTOM_AUTH.GET_SESSION_ID;  
            PLJ_LG.D('Session ID: '||l_session_id);
            l_session_id   := APEX_CUSTOM_AUTH.GET_SESSION_ID_FROM_COOKIE;  
            PLJ_LG.D('Cookie Session ID: '||l_session_id);
          else
            PLJ_LG.D('Session is NOT VALID?');
          end if;
      
          PLJ_LG.D('Username is: '||p_username);
          PLJ_LG.D('Password is: '||p_password);
          if lower(p_username) = 'user' and p_password = 'password'  then
            PLJ_LG.D('User and password valid.  Authenticated');
            PLJ_LG.POP;
            return true;
          else
            PLJ_LG.D('Authentication FAILED!');
            PLJ_LG.POP;
            return false;
          end if;
      
        exception
          when others then
            PLJ_LG.E('Error in authentication function.');
            PLJ_ERR.HANDLE();
            return null;
        end AUTHENTICATE;
      
        procedure POST_AUTHENTICATION is
        
          l_session_id     number;
          
        begin
          PLJ_LG.PUSH(C_THIS_PACKAGE, 'POST_AUTHENTICATION');
      
          PLJ_LG.D('User is authenticated.');
      
          -- Check session ID stuff again
          l_session_id   := APEX_CUSTOM_AUTH.GET_SESSION_ID;  
          if APEX_CUSTOM_AUTH.IS_SESSION_VALID then
            PLJ_LG.D('Session is VALID ...');
            l_session_id   := APEX_CUSTOM_AUTH.GET_SESSION_ID;  
            PLJ_LG.D('Session ID: '||l_session_id);
            l_session_id   := APEX_CUSTOM_AUTH.GET_SESSION_ID_FROM_COOKIE;  
            PLJ_LG.D('Cookie Session ID: '||l_session_id);
          else
            PLJ_LG.D('Session is NOT VALID?');
          end if;
      
          if APEX_AUTHENTICATION.IS_AUTHENTICATED then
            PLJ_LG.D('User is authenticated.');
            PLJ_LG.D('User is: '||APEX_CUSTOM_AUTH.GET_USER);
          else    
            PLJ_LG.D('User is NOT authenticated.');
          end if;
      
          -- Create user session
          PLJ_LG.D('Define user user session with session id '||l_session_id);
          APEX_CUSTOM_AUTH.DEFINE_USER_SESSION(p_user       => 'user',  
                                               p_session_id => l_session_id);
      
          -- Re-direct to home page (1)
          owa_util.redirect_url(curl => 'f?p=101:1:'||l_session_id,
                                bclose_header => true);
           
      
          PLJ_LG.POP;
      
        exception
          when others then
            PLJ_ERR.HANDLE();
        end POST_AUTHENTICATION;
      
        function PAGE_SENTRY (p_apex_user in varchar2 default 'APEX_PUBLIC_USER')
          return boolean is
          l_session_id         number;
          l_username           varchar2(30);
      
          l_cookie_name varchar2(256);
          l_cookie_path varchar2(256);
          l_cookie_domain varchar2(256);
          l_secure boolean;
      
        begin
          PLJ_LG.PUSH (C_THIS_PACKAGE, 'PAGE_SENTRY');
      
          PLJ_LG.D('Current page is '||apex_application.g_flow_step_id);
      
          -- check to ensure that we are running as the correct database user  
          if user != upper(p_apex_user) then   
              return false;   
          end if;  
      
          APEX_CUSTOM_AUTH.GET_COOKIE_PROPS(p_app_id => 101,
                                            p_cookie_name => l_cookie_name,
                                            p_cookie_path => l_cookie_path,
                                            p_cookie_domain => l_cookie_domain,
                                            p_secure => l_secure);

          PLJ_LG.D('Cookie name: '||l_cookie_name);
          PLJ_LG.D('Cookie path: '||l_cookie_path);
          PLJ_LG.D('Cookie domain: '||l_cookie_domain);

          plj_lg.d('login_username_cookie is: '||apex_authentication.get_login_username_cookie('TEST_AUTH'));
          -- Check session stuff . . .
          if APEX_CUSTOM_AUTH.SESSION_ID_EXISTS then
            PLJ_LG.D('Session ID Exists!');
          else
            PLJ_LG.D('Session ID does NOT exist');
          end if;
          l_session_id   := APEX_CUSTOM_AUTH.GET_SESSION_ID;
          PLJ_LG.D('Session ID: '||l_session_id);
          l_session_id   := APEX_CUSTOM_AUTH.GET_SESSION_ID_FROM_COOKIE;
          PLJ_LG.D('Cookie Session ID: '||l_session_id);
          PLJ_LG.D('Session ID by v: '||v('APP_SESSION'));
      
          if APEX_CUSTOM_AUTH.IS_SESSION_VALID then
            PLJ_LG.D('Session is VALID?');
          else
            PLJ_LG.D('Session is NOT VALID?');
          end if;
      
          if APEX_AUTHENTICATION.IS_AUTHENTICATED then
            PLJ_LG.D('User is authenticated.');
          else    
            PLJ_LG.D('User is NOT authenticated.');
          end if;
      
          -- Login page 101 IS public
          if APEX_CUSTOM_AUTH.CURRENT_PAGE_IS_PUBLIC then
            PLJ_LG.D('Page is public. No other actions necessary. Exiting.');
            PLJ_LG.POP;
            return true;
          end if;
         
          -- OK Check user and pw 
          l_username     := lower(APEX_CUSTOM_AUTH.GET_USER);
          PLJ_LG.D('User: '||l_username);
          -- In real code test hashed cookie values to ensure session is safe.
          -- Leave out for moment
      
          PLJ_LG.POP;
          return true;
        exception
          when others then
            PLJ_ERR.HANDLE();
            return null;
        end PAGE_SENTRY;
      
        procedure LOGOUT is
        -- Add logout functionality to scheme
       
          l_session_id     number;
          
        begin
          PLJ_LG.PUSH(C_THIS_PACKAGE, 'LOGOUT');
      
          -- Check session ID stuff again
          l_session_id   := APEX_CUSTOM_AUTH.GET_SESSION_ID;  
          if APEX_CUSTOM_AUTH.IS_SESSION_VALID then
            PLJ_LG.D('Session is VALID ...');
            l_session_id   := APEX_CUSTOM_AUTH.GET_SESSION_ID;  
            PLJ_LG.D('Session ID: '||l_session_id);
            l_session_id   := APEX_CUSTOM_AUTH.GET_SESSION_ID_FROM_COOKIE;  
            PLJ_LG.D('Cookie Session ID: '||l_session_id);
          else
            PLJ_LG.D('Session is NOT VALID?');
          end if;
      
          -- logout
          if APEX_CUSTOM_AUTH.IS_SESSION_VALID then              -- without this it goes into an infinite loop
             apex_authentication.logout(l_session_id, 101);
          end if;
          PLJ_LG.D('Logged out');
      
          PLJ_LG.POP;
      
        exception
          when others then
            PLJ_ERR.HANDLE();
        end LOGOUT;
      
      END TEST_AUTH;
      /
      sho err
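
An added example, not part of the original post: a small Python audit of the log format shown above, run over an excerpt of the posted lines. It reports where the session ID goes missing or changes between the authentication callbacks and PAGE_SENTRY, and where a credential value is written to the log. The function names `parse` and `audit` are hypothetical.

```python
import re

# Excerpt of the log lines posted above.
# Columns: time, package, phase, level, message.
LOG = """\
14.02.45.597     TEST_AUTH        AUTHENTICATE             D   Session ID: 5103355297827
14.02.45.598     TEST_AUTH        AUTHENTICATE             D   Password is: password
14.02.45.601     TEST_AUTH        POST_AUTHENTICATION      D   Session ID: 5103355297827
14.02.45.672     TEST_AUTH        PAGE_SENTRY              I   Begin - 1
14.02.45.674     TEST_AUTH        PAGE_SENTRY              D   Session ID:
14.02.45.697     TEST_AUTH        PAGE_SENTRY              I   End - 1
14.02.45.757     TEST_AUTH        PAGE_SENTRY              I   Begin - 1
14.02.46.016     TEST_AUTH        PAGE_SENTRY              D   Session ID: 7046485375930
14.02.46.017     TEST_AUTH        PAGE_SENTRY              D   User is NOT authenticated.
14.02.46.017     TEST_AUTH        PAGE_SENTRY              I   End - 1
"""

def parse(log):
    """Split each row on runs of 2+ spaces; the message keeps its inner spacing."""
    rows = []
    for line in log.splitlines():
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=4)
        if len(parts) == 5 and re.fullmatch(r"\d\d\.\d\d\.\d\d\.\d{3}", parts[0]):
            rows.append(dict(zip(("ts", "pkg", "phase", "level", "msg"), parts)))
    return rows

def audit(rows):
    """Return (kind, time, phase, detail) tuples for session and logging issues."""
    findings, last_sid = [], None
    for r in rows:
        m = re.fullmatch(r"Session ID:\s*(\d*)", r["msg"])
        if m:
            sid = m.group(1)
            if last_sid and not sid:
                # A session ID was established earlier but this call sees none.
                findings.append(("session_missing", r["ts"], r["phase"], last_sid))
            elif last_sid and sid != last_sid:
                # The ID in use is no longer the one that was authenticated.
                findings.append(("session_changed", r["ts"], r["phase"],
                                 f"{last_sid}->{sid}"))
            last_sid = sid or last_sid
        elif re.match(r"(?i)pass(word|wd)?\s+is:\s*\S", r["msg"]):
            # Report the location only; never copy the secret into the finding.
            findings.append(("secret_logged", r["ts"], r["phase"], "<redacted>"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse(LOG)):
        print(*finding)
```
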