2 Replies Latest reply: Sep 5, 2013 3:01 PM by Alistair Laing RSS

    How to avoid multiple logins to same application

    mrpking

      Hi, I am using APEX version  4.2.1.00.08. I have a function for AD LDAP authentication. The authentication scheme has Set Cookie Attributes, Cookie Name SESSION_COOKIE. I have been using this for years on previous versions of APEX. As part of the 4.2 upgrade I would like it if users did not have to log in many times a day to the same application. I email links to the application, but even if they are already logged in, it opens page 101 in a new browser window and requires a second login. The email contains a link like this https://server/apex/f?p=102:2:::NO::P2_RECORDID:200000:/ I have read multiple posts, for example "Access two applications with one log in" and http://apps2fusion.com/at/64-kr/413-maintaining-authentication-between-apex-applications but I am still clueless. If a user has logged in once and has an APEX session, is it possible to click the link in the email without having to log in again to the same application? There is an after submit process Set Username Cookie and Onload Before Header process Get Username Cookie. Do I need Set Session Cookie and Get Session Cookie processes? Thanks for your time.

       

      Peter

       

      FUNCTION used for AUTHENTICATION SCHEME

      create or replace function ad_auth(

          p_username        in        varchar2,

          p_password        in        varchar2)

      return boolean

      is

          l_user            varchar2(256);

          l_ldap_server    varchar2(256)    := 'DC';

          l_domain        varchar2(256)    := 'servers';

          l_ldap_port        number            := 389;

          l_retval        pls_integer;

          l_session        dbms_ldap.session;

          l_cnt            number;

      begin

          l_user            := p_username||'@'||l_domain;

          l_session        := dbms_ldap.init( l_ldap_server, l_ldap_port ); -- start session

          l_retval        := dbms_ldap.simple_bind_s( l_session, l_user, p_password ); -- auth as user

          l_retval        := dbms_ldap.unbind_s( l_session ); -- unbind

          return true;

      exception when others then

          l_retval := dbms_ldap.unbind_s( l_session );

          return false;

      end;

        • 1. Re: How to avoid multiple logins to same application
          mrpking

          Hi,

           

          Does anyone else have to log on multiple times to the same application, when clicking a link to the application, even if you are already logged in? Do you know how to re-use a session ID? This might seem like a dumb question, but I am not familiar with cookies, etc. Any help is appreciated. Thanks.

           

          Peter

          • 2. Re: How to avoid multiple logins to same application
            Alistair Laing

            Hi Peter,

             

            I'm not familiar with LDAP but from a security point of view, I think it is wise to force your users to login if you sending them a link to a protected site. Just in case they forward the email or sharing the same computer. Could you post some of the code that you use to produce the email? It maybe that you need to concatenate &SESSION. where the session id would be in the url

             

            Regards,

            Alistair