Logged Out session can be accessed again After logout (DAD authentication)

Hello,
Please find the details of my problem below:
SCENERIO:
Current Authentication: No Authentication (USING DAD)
Authorization: MYAUTH
Frequency: Once Per Session
declare
lv_retval boolean;
lv_srec pkg_myutil.r_sessionrectype;
begin
begin
-- This is NOT Apex Session. I am checking the entry in a table to make sure user is logged in
-- and the link is not opened directly. In short making sure user opened the Apex link from the
-- Oracle Forms application.
lv_srec :=pkg_myutil.get_session_info(:P1_SID);
if lv_srec.valid_session then
lv_retval := TRUE;
else
lv_retval := FALSE;
end if;
exception
when others then
lv_retval := FALSE;
end;
return lv_retval;
end;
The Application Security property Authorization is set to : MYAUTH
Logout Navigation Bar Entries-URL TARGET: http://myapp.mycompany.com/pls/apex/apex_custom_auth.logout?p_this_app=105&p_next_url=http://mycompany.com
( I cannot put this in the Authentication Logout URL as using -DATABASE- as sentry function (DAD authentication) gives me error: No functional attributes may be set when page sentry function is '-DATABASE-'.))
so i directly modified the navigation bar entry
Now I open the apex link from my forms application, and it Works fine. For example
http://myapp.mycompany.com/pls/QRYONLYDAD/f?p=105:1:2524984933940261::NO::P1_SID:0137099300:
The authorization function takes the P1_SID value and checks in database,finds the entry so returns TRUE to display the page 1 which i call Menu page.
If I click logout, it works and takes me to the Mycompany home page.
My question:
If save that link and try to access it again AFTER LOGOUT, it still displays the page. Although the session is logged out, how come it still allows to access the page? The authorization function also doesn't fire which would have prevented it atleast. How APEX knows it still a valid session even after logout happens?
I can see that Since there is DAD authentication, the login happens automatically........ but I cannot change that method. What other option do i have?
Please help.
Jay

1.) Code for the function:
Basically we are using a private DBMS_PIPE to pass a randomly generated string and read that pipe from Apex using get_session_info. Nothing to do with Apex Session. We just want to make sure the user opened the Apex link from the application.
function get_session_info (p_session_id varchar2) return pkg_myutil.r_sessionrectype is
rv_sessionrec eft.pkg_myutil.r_sessionrectype;
lv_status NUMBER;
lv_app_id varchar2(20);
lv_EMPID VARCHAR2(20);
lv_timeout BINARY_INTEGER := 0; --A timeout of 0 allows you to read without blocking. otherwise the pipe will keep waiting and our purpose won't be solved
lv_rmstatus number;
begin
begin
-- Valid Session theme: If the pipe doesnot exist means the url is not requested from inside the Forms application.
lv_status := DBMS_PIPE.RECEIVE_MESSAGE(p_session_id,lv_timeout);
IF lv_status <> 0 THEN
raise_application_error(-20003,'Error while receiving.Status = ' || lv_status);
END IF;
DBMS_PIPE.UNPACK_MESSAGE(lv_app_id);
DBMS_PIPE.UNPACK_MESSAGE(lv_EMPID);
if lv_EMPID is null then
raise_application_error(-20004,'User EMPID is null in the session info.');
end if;
-- construct return record
rv_sessionrec.session_id:=p_session_id;
rv_sessionrec.valid_session :=TRUE;
-- remove pipe
lv_rmstatus:=DBMS_PIPE.REMOVE_PIPE(p_session_id);
if lv_rmstatus <> 0 then
null; -- think what to do
end if;
exception
when others then
rv_sessionrec.session_id:=p_session_id;
rv_sessionrec.valid_session :=FALSE;
end;
return rv_sessionrec;
end get_session_info;
2.) I guess you are right. But doesn't Apex use the Userid and password hardcoded in the DAD? because it displays the username in DAD on the page footer. But It will authenticate everytime. So I want to put another layer so that my pipe verification code executes everytime which can decide whether to show the page or redirect to a error page.
If i put in a On-Load Before Header Process on Page 1 with the pl/sql code, is there a way there to redirect to different page? I couldn't think of a way to do it. Then i can remove the code from authorization scheme and add to the On-Load process?
Does this help any?
Thanks for your prompt response.
Thanks,
Jay

Similar Messages

  • HT1212 My iPod touch is not synced and I locked myself out, how can I access it again without erasing my device?

    My iPod touch is not synced and I locked myself out, how can I access it without erasing the device?

    You will have to restore.

  • Can not access BIOS after update BIOS

    Can not access BIOS after update X220 BIOS to version 1.19
    Type: 4290-R32
    BIOS: 1.19
    http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/8duj09uc.txt
    http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/8duj09uc.iso
    Ask google and try anyway but not work
    - Press ThinkVantage, Press F1, Press Fn+F1
    - Power off, unplug AC, unplug battery, wait 15 miniute, try all again
    - Try to update BIOS again

    That is really weird.
    When you are in Windows, can you test and see if the F1 key is working? If it is working. Shut down the laptop then boot it back up. At the Thinkpad screen, keep spamming the F1 key and see if you are able to boot into BIOS.
    //JameZ
    Check out the Community Knowledge Base for hints and tips.
    Did someone help you today? Press the star on the left to thank them with a Kudo!
    If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!
    X240 | 8GB RAM | 512GB Samsung SSD

  • How can I lock out my iCloud? Because of forget my old password and I have do a new Apple ID but when wan to log out my iCloud it call me to logout find my iphone but already forget the password . Have any solution ?

    How can I lock out my iCloud?
    Because of forget my old password I have create a new Apple ID
    But when I wan to log out my iCloud,it call me to logout Find My iPhone.
    I had already forget the password that why I create a new Apple ID.
    Have any solution for problem like this ?

    Apps and Music are not from iCloud. Are from iTunes and App Store.
    You can change this from: Settings>iTunes and App Stores>Sign out and sign in with new ID, but you will have to pay again to download apps that you already have in your old account. Or leave it as it is to share purchases with your son.

  • ICloud logged out, how can I reinstall

    ICloud logged out, how can I reinstall.

    You don't need to reinstall. Basically, you need go to control panel (System Preferences), click in iCloud and setup again....

  • Logged out while posting an answer, AGAIN!

    Title says it all.
    Jive sucks!

    Fr. Watson wrote on 2009-07-08 19:27:
    >> If you want to know Adobe's motives I don't think a user to user forum
    >> is the right place to ask.
    Well, no..... I wasn't thinking they had a "motive" for not fixing the problem.... that question was somewhat rhetorical. To me, to say that Adobe's "motives" are involved means that they could fix the problem, but for some reason choose not to.
    Of course they can fix it. If all else fails by reducing the timeout
    on a cookie so people get logged out before they post a reply, after
    they post a reply, but not while posting a reply.
    I was wondering about the technical reason , which is a little different.
    Cookies are well understood. If you want to set a cookie with properties
    X, Y and Z, there is no technical reason why Adobe's SSO platform
    shouldn't be able to do so.
    You are then, saying, that they have a motivation for not fixing the problem, instead of there being a technical reason?
    Nice try. I am saying that if they are not fixing the problem and they
    had told me their motives under NDA, I would not tell you.
    Jochem
    Jochem van Dieten
    http://jochem.vandieten.net/

  • What does this statement mean: "There is a problem with your authentication, possibly due to inactivity. For your safety, you have been logged out and must sign in again to continue?"

    I am able to make it to the site for about 2 seconds and then I am quickly logged off and the statement, "There is a problem with your authentication, possibly due to inactivity. For your safety, you have been logged out and must sign in again to continue."
    I don't have a clue as to the problem but since this is impacting my participation in these classes and ultimately could have a negative impact on my grade, I am more than a little concerned!

    Have you allowed this site to set cookies?

  • TS4268 can't access imessage after downloading latest update on ipod touch

    can't access imessage after downloading latest update on ipod touch-----I click on SIGN IN.   The next page is typing in email address.  click NEXT.    VERIFYING.    It takes me back to sign in page.     What is wrong?          The user if and password are correct so that is not the problem.

    iOS: Troubleshooting Messages
    iOS: Troubleshooting FaceTime and iMessage activation
                                 FaceTime, Game Center, Messages: Troubleshooting sign in issues

  • When i log in i can't access my verizon info such as bill or usage info

    When I try and log in under my Verizon it wont let me go any further. It has a continue button but it just stays there. I can't access my usage or my bil.

    OK. So not just me. They've got issues, I'll try again another day. Happy St. Pat's Y'all !!

  • Not using my MacBook for a few minutes I get logged out, how can I avoid this?

    Whenever I have not used my MacBook (brand new) with Yosemite (all updates) installed not for a few minutes I get logged out and I need to login and to start all applications again. How can I stop this?
    My Energy Saving setting:

    Open the Security & Privacy pane of System Preferences and turn off automatic logout.
    (121990)

  • Can't access IPhoto after upgrade to Yosemite

    I just upgraded from Snow Leopard to Yosemite and can't access iPhoto.  I've tried to install the upgrade, but it just sits there saying Installing, but nothing is working.  Tried the IPhoto Upgrader without success.  It says that it was not necessary for me to use the upgrader.  Help!  I need access to all of my pics!

    Use Launchpad to cancel the download and try again.

  • Can't access firefox after using it as primary browser for a few years?

    I've been using Firefox for a few years with AOL dial-up access. I just switched to Comcast and after a few days I lost my connection to Firefox. The icons are there but the program won't come up. The first few days I could just use the Firefox icon to access my internet connection and then it just quit. Also was having some problems with Facebook via Firefox (kept getting error messages) just before this happened/ Please help. I can't access all my saved bookended addresses.

    There are some malware infections that make it hard to run programs (EXE) files. Hopefully you do not have one of those.
    Could you check whether it is a problem with your shortcut by starting Firefox a different way:
    Start menu > Run, type or paste the following and then press the Enter key or click Go:
    firefox.exe

  • Can't access web after install

    Installed on new SLES11 box. Livetime says it's running, but I can't access at http://<ip> or http://<ip>:8700.
    When I installed SLES, I used the defaults for server type (Print). Show I add/change to Web/LAMP?
    Or is it something else?
    thanks

    Lindsey,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://forums.novell.com/

  • Can't access Facebook after IOS 7.1.1. Update

    I can't access Facebook on my Ipad via Safari after the 7.1.1. IOS update. I only get a blank page. I can access Facebook via a FB app, so it's not Facebook. I have restarted the Ipad ,cleared cookies and  the history to no avail.  What is wrong? This has never happened before.

    Google has gotten more security conscience.  Do you want others to read your email?  VPN is a good thing.
    When you try to access google without the vpn on, do you get an email from google saying that they have rejected your connection attempt from a client.   There is a google parameter to allow email from an unsecure client.  Google will send you an email telling you how to make the change, when they reject your email client.  It's a hidden parameter.
    A lot of folks have gotten hacked recently in the US, so companies are implementing more security.
    Robert

  • Can't access photoshop after trial

    I subscribed after the trial ended, but I can't access the paid version.  Any ideas on what I'm doing wrong?

    Refer to this:
    Sign in or activation errors
    Mylenium

Maybe you are looking for

  • How to restrict erroneous material in 0MAT_SALES_LPRH_HIER in BW 3.1

    Hi Friends, There is one erroneous material which has junk characters in it. It has been marked as deleted in R/3. But still that material is getting pickedup into BI when I am doing full load for 0MAT_SALES_LPRH_HIER hierarchy datasource in BW 3.1.

  • Chart legend is incorrect if table is excluded in analysis

    Working on OBIEE 11.1.1.5 with Essbase source. If I include the table in the analysis, the legend of my chart looks correct (5 items). https://picasaweb.google.com/jennifer.corpus/OBIEEQuestion?authkey=Gv1sRgCMThg5CZss_9Qg&feat=directlink#56177799855

  • Regarding olap cache

    Hi,    Can anyone kindly tell olap cache realtime issues.         Thanks in advance. Edited by: Muddus on Mar 10, 2010 7:48 AM Edited by: Muddus on Mar 10, 2010 7:48 AM

  • How to delete a certificat ipcu ca on my profile

    how to delete a certificat ipcu ca on my profile,ex:general/profil/certicat sign/ipcu ca 98110b566------ and clip web

  • Multiple output products in PPM

    I have a business requirement to have multiple output products in one PPM (ex. 100 input component A produce 3 output components - 70 X, 10 Y, and 20 Z). However, in product plan assignment it doesn't allow me to enter one PPM to more than one output