Maintaining login page session id

I have a login page 101 that has some webservice calls in it and saves returned data into collections. I am using the standard login pkg :
wwv_flow_custom_auth_std.login(
P_UNAME => :P1_USERNAME,
P_PASSWORD => :P1_PASSWORD,
P_SESSION_ID => v('APP_SESSION'),
P_FLOW_PAGE => :APP_ID||':100'
I noticed that afer login and going to home page ( page 100 here ) it changes the session id , which results in wiping out my collections! Is there a way to maintain the same sessionID for the login page and use it through the application ? I thought that P_SESSION_ID => v('APP_SESSION') is supposed to do that but it actually does not !
Any hints ?
Thanks,
Sam

Scott,
I would love to upload my app to apex.oracle.com, but I can not actually do that for many reasons including the amount of work/time it may take.
But I can provide you with an overview of what I am doing there:
1- page 101 is my login page
- I have a process before submit that is basically a secure web service call (( and I think this is causing the issue but am not sure yet))
- On submit, I have a login process that basically calls a custom auth. scheme that looks like the built in auth scheme except in that it checks for users in some users table I defined and checks the role for the user to redirect to the appropriate page ... 1,2,3.....
my_sec_pkg.login(
P_UNAME => :P101_USERNAME,
P_PASSWORD => :P101_PASSWORD,
P_SESSION_ID => v('APP_SESSION'),
P_FLOW_PAGE => :APP_ID
);and my sec_pkg.login calls the standard login function:
--check for user in my users table and check the role, and finally sets the go_to_page, then
wwv_flow_custom_auth_std.login(
P_UNAME => :P1_USERNAME,
P_PASSWORD => :P1_PASSWORD,
P_SESSION_ID => v('APP_SESSION'),
P_FLOW_PAGE => :APP_ID||':'||go_to_page
);and I also have a valid_user function in this package that simply returns true if user is valid and is set to be my current auth. scheme
Now when I login to Apex >> my app >> run for the first time (user in session state is my apex_user)>> login works fine
If I log out , user in session state becomes no body and if I try to login with correct user/pwd is gives the error I reported in my first post
Another way to reproduce this error is to run the app directly in a browser , i.e type in "....../pls/apex/f?p=100:101 " , here I also will see the "nobody" user and same problem.
I am suspecious that this has to do with my web service call, since I never had such an issue before ( where I never used web services).
Another note about changing the session id in the home page ( right after I login) , I checked the session value passed to the auth. pkg, and it is the correct session id for the login page, but I don't know why it changes it in the home page ! which causes me to loose the collection that saves the web service call return!
P.S: here is my logout URL :
wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=&APP_ID.:101Sorry for the time this may consume , but I tried to provide as much useful details as possible.
Thanks,
Sam

Similar Messages

  • Issue in applying SSL selectively to Login JSP Page--Session getting lost.

    Hi,
    I am facing some issues with SSL configuration on my web site running on tomcat 5.5. I am using jdk 1.5 and form based authentication with JAAS framework.
    The SSL configuration is working perfectly when applied to complete web site, but starts giving problem when applied selectively to some JSP pages. At present I am trying to apply SSL just on the login page.
    When the login screen loads up, the URL in the browser has a protocol "*https*", as expected, but it doesn't gets changed to "*http*" once the user has successfully logged in. Why is the automatic change from https to http not ocurring?
    Also I want to know which is the default page, tomcat will direct the logged in user to, once successfully authenticated using form based login; Is there any way to change this default page to some other page. It looks like that tomcat automatically directs to index.html , once the user has been successfully authenticated, but I am not so sure. My index.html page is having 4 frames; the source of these frames are different JSP pages, which are not under SSL.
    My aim is to apply SSL just on login.jsp so that password doesn't travel in clear text. Once the user is authenticated he should see index.html and the address bar's URL should change it's protocol from https to http.
    Please, find below the code in my web.xml
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>CWA Application</web-resource-name>
    <url-pattern>/about.jsp</url-pattern>
    <url-pattern>/admin_listds.jsp</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>*</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <url-pattern>/*login.jsp*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>*</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>CWA Application</realm-name>
    <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login.jsp?error=true</form-error-page>
    </form-login-config>
    </login-config>
    <welcome-file-list>
    <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>
    My login. jsp has below code:
    <form name="login" method="POST" action='<%= response.encodeURL(*"j_security_check*") %>' >
    <tr>
    <td width="100%">
    <table width="260" border="0" cellspacing="0" cellpadding="1">
    <tr>
    <td align="left" valign="top" rowspan="4"><img src="images/space.gif" width="15" height="5"></td>
    <td align="right" class="login-user" nowrap ><p>User name: </p></td>
    <td align="left" valign="top"><input maxLength="64" name="j_username" size="20"></td>
    </tr>
    <tr>
    <td align="right" nowrap class="login-user"><p>Password: </p>
    </td>
    <td align="left" valign="top">
    <input maxLength=\"64\" tabindex="2" type="password" name="j_password" size="20">
    </td>
    </tr>
    </form>
    The entries in my server.xml are following:
    <Connector port="8080" maxHttpHeaderSize="8192"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" redirectPort="8443" acceptCount="100"
    connectionTimeout="20000" disableUploadTimeout="true" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    keystoreFile="${java.home}\lib\security\cacerts" keystorePass="changeit"
    clientAuth="false" sslProtocol="TLS" />
    I have gone through the http://forums.sun.com/thread.jspa?threadID=197150 and tried implementing it; The filter as explained in the thread does gets called but the session values are still lost.
    Please note I am using javascript to go from secure "https" to "http" once the user has successfully logged in The javascript code is as below:
    top.location.href="http://localhost:8080/qtv/index.html." ;
    If I use response.sendRedirect("http://localhost:8080/qtv/index.html") for going to non-secure mode, the index.html page does not gets loaded properly. (Please note that my index.html is made of *4 frames*, as explained earlier. This is a legacy code and frames can't be removed).
    The reason for index.html not getting loaded properly is that the Address bar URL does NOT change its URL and protocol from https (https://localhost:8443/qtv/index.html ) to "*http*" (http://localhost:8080/qtv/index.html) when esponse.sendRedirect() is used ;this is the default behaviour of response.sendRedirect(). And because the protocol in address bar is https, index.html is not able to load the other JSP's in it's frames because of cross-frame-scripting security issues (The other JSP's to be loaded in frames are are NOT secure as discussed earlier).
    Please let know if any way out.
    Thanks,
    Masaai

    Hi
    try to set the maximum interval between requests
    eg:
    session.setMaxInactiveInterval(6000);
    vis

  • Session Timeout directly taking to login page

    Hi,
    In our application when session time out happens, it is directly taking to login page, instead of showing the time out error message . We have a CustomExceptionHandler defined in our application. When I debugged, I identified that the following error message
    <StateManagerImpl><restoreView> Could not find saved view state for token -ppfn0o4n8 (*ADF_FACES-30107)*
    comes when user clicks login the second time.
    We want to know how to get the error message first before it goes to the login page? Any configuration we are missing?
    Here is our applications web.xml
    <?xml version = '1.0' encoding = 'UTF-8'?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
    <description>Empty web.xml file for Web Application</description>
    <context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>client</param-value>
    </context-param>
    <context-param>
    <param-name>jndiContext</param-name>
    <param-value>inv</param-value>
    </context-param>
    <context-param>
    <param-name>UserEnvironmentName</param-name>
    <param-value>UserEnvironment</param-value>
    </context-param>
    <context-param>
    <param-name>CacheConfigureFile</param-name>
    <param-value>inv-cache.xml</param-value>
    </context-param>
    <context-param>
    <param-name>SecurityRepositoryClass</param-name>
    <param-value>oracle.communications.inventory.api.framework.security.impl.SecurityRepositoryImpl</param-value>
    </context-param>
    <context-param>
    <description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
    <param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
    <param-value>false</param-value>
    </context-param>
    <context-param>
    <param-name>oracle.adfinternal.view.rich.libraryPartitioning.ENABLED</param-name>
    <param-value>true</param-value>
    </context-param>
    <context-param>
    <param-name>ilog.views.faces.CONTROLLER_PATH</param-name>
    <param-value>/_contr</param-value>
    </context-param>
    <context-param>
    <param-name>ilog.views.faces.CONTENT_LENGTH_ENABLED</param-name>
    <param-value>true</param-value>
    </context-param>
    <context-param>
    <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
    <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
    <param-value>false</param-value>
    </context-param>
    <context-param>
    <param-name>APPLICATION_NAME</param-name>
    <param-value>Unified Inventory Management</param-value>
    </context-param>
    <context-param>
    <param-name>COPYRIGHT_FROM_YEAR</param-name>
    <param-value>2007</param-value>
    </context-param>
    <context-param>
    <param-name>COPYRIGHT_TO_YEAR</param-name>
    <param-value>2011</param-value>
    </context-param>
    <context-param>
    <!-- Maximum memory per request (in bytes) -->
    <param-name>org.apache.myfaces.trinidad.UPLOAD_MAX_MEMORY</param-name>
    <!-- Use 500K -->
    <param-value>512000</param-value>
    </context-param>
    <context-param>
    <!-- Maximum disk space per request (in bytes) -->
    <param-name>org.apache.myfaces.trinidad.UPLOAD_MAX_DISK_SPACE</param-name>
    <!-- Use 100M -->
    <param-value>104857600</param-value>
    </context-param>
    <filter>
    <filter-name>trinidad</filter-name>
    <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>trinidad</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <listener>
    <listener-class>oracle.communications.inventory.api.framework.listener.ContextListener</listener-class>
    </listener>
    <listener>
    <listener-class>oracle.communications.inventory.ui.framework.IlogContextListener</listener-class>
    </listener>
    <!-- Cartridge Installer servlet for post re-deploy -->
    <listener>
    <listener-class>
    oracle.communications.inventory.cartridge.deploy.CartridgeInstallerServletContextListener
    </listener-class>
    </listener>
    <persistence-context-ref>
    <persistence-context-ref-name>persistence/EntityManager</persistence-context-ref-name>
    <persistence-unit-name>default</persistence-unit-name>
    </persistence-context-ref>
    <listener>
    <listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
    </listener>
    <listener>
    <listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
    </listener>
    <servlet>
    <servlet-name>BIGRAPHSERVLET</servlet-name>
    <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.graph.GraphServlet</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>BIGAUGESERVLET</servlet-name>
    <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.gauge.GaugeServlet</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>MapProxyServlet</servlet-name>
    <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.geoMap.servlet.MapProxyServlet</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>GatewayServlet</servlet-name>
    <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.graph.FlashBridgeServlet</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>media</servlet-name>
    <servlet-class>oracle.communications.inventory.ui.media.servlet.MediaServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>BIGRAPHSERVLET</servlet-name>
    <url-pattern>/servlet/GraphServlet/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>BIGAUGESERVLET</servlet-name>
    <url-pattern>/servlet/GaugeServlet/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>MapProxyServlet</servlet-name>
    <url-pattern>/mapproxy/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/bi/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>GatewayServlet</servlet-name>
    <url-pattern>/flashbridge/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>media</servlet-name>
    <url-pattern>/media_image</url-pattern>
    </servlet-mapping>
    <resource-ref>
    <res-ref-name>wm/ruleWorkManager</res-ref-name>
    <res-type>commonj.work.WorkManager</res-type>
    <res-auth>Container</res-auth>
    <res-sharing-scope>Unshareable</res-sharing-scope>
    </resource-ref>
    <filter>
    <filter-name>JpsFilter</filter-name>
    <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
    <init-param>
    <param-name>enable.anonymous</param-name>
    <param-value>true</param-value>
    </init-param>
    <init-param>
    <param-name>remove.anonymous.role</param-name>
    <param-value>false</param-value>
    </init-param>
    <init-param>
    <param-name>addAllRoles</param-name>
    <param-value>true</param-value>
    </init-param>
    <init-param>
    <param-name>jaas.mode</param-name>
    <param-value>doasprivileged</param-value>
    </init-param>
    </filter>
    <filter>
    <filter-name>ADFLibraryFilter</filter-name>
    <filter-class>oracle.adf.library.webapp.LibraryFilter</filter-class>
    </filter>
    <filter>
    <filter-name>adfBindings</filter-name>
    <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>JpsFilter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    </filter-mapping>
    <filter-mapping>
    <filter-name>ADFLibraryFilter</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
    <filter-name>adfBindings</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
    <servlet-name>resources</servlet-name>
    <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>adflibResources</servlet-name>
    <servlet-class>oracle.adf.library.webapp.ResourceServlet</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>adfAuthentication</servlet-name>
    <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
    <init-param>
    <param-name>success_url</param-name>
    <param-value>/faces/InventoryUIShell</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
    <servlet-name>Controller</servlet-name>
    <servlet-class>ilog.views.faces.IlvFacesController</servlet-class>
    <load-on-startup>3</load-on-startup>
    </servlet>
    <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/adf/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/afr/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>adflibResources</servlet-name>
    <url-pattern>/adflib/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>adfAuthentication</servlet-name>
    <url-pattern>/adfAuthentication</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>Controller</servlet-name>
    <url-pattern>/_contr/*</url-pattern>
    </servlet-mapping>
    <session-config>
    <session-timeout>35</session-timeout>
    </session-config>
    <mime-mapping>
    <extension>html</extension>
    <mime-type>text/html</mime-type>
    </mime-mapping>
    <mime-mapping>
    <extension>txt</extension>
    <mime-type>text/plain</mime-type>
    </mime-mapping>
    <jsp-config>
    <jsp-property-group>
    <url-pattern>*.jsff</url-pattern>
    <is-xml>true</is-xml>
    </jsp-property-group>
    </jsp-config>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>allPages</web-resource-name>
    <url-pattern>/</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>valid-users</role-name>
    </auth-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Unsecured resources</web-resource-name>
    <url-pattern>/images/</url-pattern>
    <url-pattern>*.png</url-pattern>
    <url-pattern>*.gif</url-pattern>
    <url-pattern>*.jpg</url-pattern>
    <url-pattern>*.jpeg</url-pattern>
    <url-pattern>*.bmp</url-pattern>
    <url-pattern>*.css</url-pattern>
    <url-pattern>*.js</url-pattern>
    <url-pattern>/css/*</url-pattern>
    <url-pattern>/afr/blank.html</url-pattern>
    </web-resource-collection>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>adfAuthentication</web-resource-name>
    <url-pattern>/adfAuthentication</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>valid-users</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/faces/login.jspx</form-login-page>
    <form-error-page>/faces/error.jspx</form-error-page>
    </form-login-config>
    </login-config>
    <security-role>
    <role-name>valid-users</role-name>
    </security-role>
    <welcome-file-list>
    <welcome-file>/faces/InventoryUIShell</welcome-file>
    </welcome-file-list>
    </web-app>

    hi
    this can be done using a simple "Servlet Filters" which will check whether the user session is valid or not. so for every connect to the server the filter runs and redirects to the login page if the session has expired. here you can configure your filter to be activated for every URL or a patterns of urls.
    u need servlet2.3 supported server for this.
    hope this helps
    shrini
    I have an business j2ee application run on oc4j. When the session timeout declared on the web.xml expire, i want to redirect automaticaly the user to my login.jsp to force him to reconnect. I try j_security_chek, but i want to restart the business application at the top and not to the page which are request. Somebody know who i can do this mechanism. I try too special tag in jsp, this run very good but i have to repeate this call on every page. I look for an other simply mechanism to that
    Thanks

  • Session Timeout Alert + login page has changed

    Hello,
    We recently updated our SAP CRM 7.0 from EHP1 to EHP3.
    Since than we get this "Session Timeout Alert" error and it is very annoying.
    I've changed the rdisp/plugin_auto_logout parameter to 7200 s but the session is still ending after about 10min.
    On EHP1 we didn't had this problem.
    Also it seems that the login page has changed because the username and password is not saved anymore and we need to introduce them every time we log in.
    Please help to solve these problems.
    Thanks!

    Hi Sudhir,
    My issue is also not solved!
    The server restart was only another possible solution.
    Very annoying!
    Still searching....
    BR

  • Session timeouts for login page with in a html frame

    Hi, i have a login page which when the session times out gets redisplayed within the frame of the html page where the session timed out , i have tried setting the session timeouts to be less than the other application so that the login page will timeout before the documentum application but this does not make a difference.
    does any one know how i could get the login page to redisplay by itself, outside of the html frame. do i need to have some javascript to figure out if there is a frame then redraw the page etc...and how should i di this ? any working examples will be appreciated.

    You would certainly need some Javascript or use the meta-refresh tag to the session timeout time. If you set the meta-refresh tag in a frame to a time just a little bit bigger than the session timeout time and the set your security mechanisms to force the user to login in again when the session times out, the frame will refresh after the session has timed out and the application should forward the frame to the login page.
    <meta http-equiv="refresh" content="session-timeout-timeout+1">
    (timeout time is in seconds)

  • Redirecting user to login page after session expiry

    Hi,
    Default session expiry implementation in sap EP6.0 doesn't work properly. To overcome this, we have implemented one component where we check the idle time and throw the user back to the login page if the idle time has exceeded the session expiry period. This component has been added to desktop inner page as an iView. Following is the logic put in this component.
    IAuthentication ia = UMFactory.getAuthenticator();
    ia.logout(httpRequest, httpResponse);
    httpResponse.sendRedirect("/irj/portal");
    We are successfully getting the login page after session expiry. Issue is, our portal server is running on 11111 port. We cannot change this to 80 on unix because of unix limitations for the port number. So we have put one apache web server before our portal server. Apache web server is listening on port 80 and forwarding the request to our portal server.
    Now when user is redirected to the login page, url being shown in the browser is http://<host_name>:11111/irj/portal but I am expecting http://<host_name>/irj/portal (without port). I have tried putting the full url in sendRedirect() method but that too doesn't work.
    Any help is highly appreciated.
    Regards,
    Chandra

    Hi Chandra,
    Let the URL be relative in the sendRedirect i.e.
    httpResponse.sendRedirect("/irj/portal");
    However since you have a Reverse proxy in front, the response header for redirect will not contain the address of the reverse proxy in this case, your servername without port. You have to properly configure your reverse proxy so that the HTTP Headers are changed properly before sending the response to the users.
    Check this URL,
    http://httpd.apache.org/docs/1.3/mod/mod_proxy.html#proxypassreverse
    This gives you the details on configuring your apache.
    Hope this helps.
    Ankur
    P.S. If this helps please reward points.

  • Session/cookie in an app without login page

    Hi,
    I know there are several threads about setting a cookie, checking session etc. But none seem to address my issue. Here's my problem:
    - I don't have a login page in my apex app. My user logs in from an external program and his userid is captured in the HTTP header variable 'remote_user'.
    - I added some PL/SQL code in the 'page sentry function' to check if this user is in the database(basically check if he is in one of the tables) and if he is not, show him the page without the create/edit/delete buttons. If he is in our database, show the same pages with all types of buttons.
    - Putting this code in page sentry function seems to work, but I am unable to logout since there is no cookie set! If I try to set a cookie in the page sentry function, it is breaking at the redirect line. Also, I don't think page sentry is the right place to set a cookie since it executes at every page.
    - Putting the above code in any other block (session verify function, pre-authentication, authentication, post-authentication etc) does not even execute. I put a simple 'insert' query to see if it executes, but it does not!
    Given this, what is the best way and place to set/check cookie in my app? I tried to enhance Scott's session timeout utility, but my app does not have a login function as I explained above, so I am unable to do that. Any help is appreciated!
    Thanks.
    Shuba

    I tried to do that. If you read my very first post in this thread, specifically "If I try to set a cookie in the page sentry function, it is breaking at the redirect line. Also, I don't think page sentry is the right place to set a cookie since it executes at every page.", I tried to set a cookie but it is throwing an error at the page.
    I think all these complication is because I dont have a login page and I am using a HTTP header variable to validate the user. Given that, where should I set the cookie?
    I also tried to do this:
    - create an appliaction item called 'testuser'
    - create an application computation to run 'before header' which sets the value of this to my HTTP header variable.
    - When I retrieve the app item 'testuser' from a page, it is getting the correct value. But when I use this in the authentication scheme, it is returning null. Any idea why??
    I know I am throwing a lot of questions. That is because I am trying a lot of approaches and each of them is posing a new set of challenges. I am actually looking for alternative ways to do what I am looking to do.
    Thanks.
    Shuba

  • Can't Set Session State from the Login Page

    I have a dilema. On the standard login page I enter values in 2 fields namely, CAMPUS (Select List) and USERNAME (text field).
    After clicking on the login button I want to navigate to PAGE 1 and use the values of CAMPUS and USERNAME to filter data. I have created two APPLICATION Level items (A_USERNAME,A_CAMPUS) to which I assign the values of USERNAME and CAMPUS in two AFTER SUBMIT computations on the login page.
    When I arrive on PAGE 1 the session state values of A_USERNAME,A_CAMPUS are still both null therefore the query returns null. It seems that the login process does not issue a SUBMIT for session state to be saved. How do I save the values in session state on login?
    In the Login PROCESS, can I specify the Page 1 items to be set and the values to set them in a URL somewhere? Is it here?
    wwv_flow_custom_auth_std.login(
    P_UNAME => :P101_USERNAME,
    P_PASSWORD => :P101_PASSWORD,
    P_SESSION_ID => v('APP_SESSION'),
    P_FLOW_PAGE => :APP_ID||':1' <<========here?
    If so what is the correct syntax?
    If I revisit the login page a second time, a submit is issued and the values are set in session state.
    Anyone got any ideas??
    I tried creating a standard position button which issues a submit but this didn't work either.
    regards
    Paul J Platt

    Unfortunately your solution is causing problems with retrieving cookies that I try to get for the campus and username during a "Before Header Process" as well. The cookies are normally set on an "After Submit" process. When I return to the login page I get
    Error ERR-1029 Unable to store session info. session=10760914996048113736 item=8561939526127479
    ORA-02291: integrity constraint (FLOWS_010600.WWV_FLOW_DATA_FK) violated - parent key not found
    But if I turn the cookies off, it seems to work OK.
    regards
    Paul JP

  • Creating login page - direct users to a unique file based on unique id?

    Hello - I am in the process of creating a login page that will direct users to a unique page based on their unique id.  I would normally go to Server Behaviors>User Auth>Log In User, but that gives me the option of browsing only one file for all usernames and that's not what I need.  So basically, if the user logs in with the Caterpillars username, it takes them directly to the Caterpillars page and if they log in with the Butterflies username, it takes them to the Butterflies page (yes, it's a preschool with goofy classroom names!).  If it matters, I'm using MySql and the page is .php.  I tried to upload the php, but it gave me an error "the content type of this attachment is not allowed" - not sure what that's all about - sorry.
    Thanks in advance!!

    I was trying to do the latter - store the path for each individual file (catepillars.html, butterflies.html, etc) in the database with the login info.
    My problem is that I can't get it to direct to that page in the code.  My understanding is that I have to tell it in within this code <?php echo $row_MM_Username['login']; ?> that if username is caterpillars then they go directly to caterpillars.html...
    For your desire you don't need extra database fields, recordsets, session variables or anything else if you want to direct username to a static username.html file
    Instead use a dynamic META redirect in <head> of success.php page based on session variable for Username and append .html to the username.
    <META http-equiv="refresh" content="0;URL=http://example.com/<?php echo $SESSION['MM_Username']; ?>.html">
    You could add the show if users is logged in server behavior to success.php and wrap the meta redirect in it so that if the user is logged in then you are redirected to username.html or just add a restrict access SB so that you can not visit success.php (and be redirected to username.html) unless you are logged in.
    Does that solve your problem?
    It may have been easier to explain if your original inquiry mentioned that you wanted logged in users to go to a static .html page based on their username like username.html (sighs). FWIW I would still follow my original recommendation of using one dynamic file to display different users info on one page because as mentioned you only have to maintain one file vs. multiple static files.

  • Help with Coldfusion 5 login page

    Hi
    I want to setup a login page for my company website. This is running in Coldfusion version 5(I know its very old version). I never worked with Coldfusion before. Is there any setting in Control panel that we can require user to login to view any of our contents? or do we have edit all the pages and redirect to a login page if thats a not registered user? Please advice me.
    I cant upgrade this server to new version,because this project contract is finishing end of this year.
    Thanks
    Ananth

    You want to search up the "Application.cfm" file.
    In ColdFusion this file is automatically included at the beginning of all .cfm files requested from the same directory or any sub-directroy that does not have another Application.cfm file.  It is a common place to put login logic and other code that needs to be executed with every ColdFusion request.
    You will also want to know about the <cfapplication ...> tag that is used to name an application and provide access to applicaiton and session state scopes so that a login state can be maintained from request to request.
    A great resource would be the ColdFusion documentation that has entire chapters compete with sample code on how to set up web site authentication:
    Using the Application Framework
    Application Security
    http://www.adobe.com/livedocs/coldfusion/5.0/

  • Redirect to Portal Login page from portlet

    We have lots of applications on the portal and many of them need the logged in user information to provide the right display context. For example, "My Notes" where notes are stamped with the user's login id. Our portlet applications show exception messages when the user id is unavailable. Pressing a refresh button takes them to the portal login page.
    Does anyone know how to redirect to the portal login page? Here is how I would like it to work: A user has the application up beyond the session timeout period and does something that causes the page to submit. At the application server we look for the logged in user ID which is missing due to session timeout and we send them to the portal login page.
    Thanks! Mike

    Hi James,
    <br />
    <br />I fear this isn´t possible to do with ADDT, as it will - when using its Restrict Access To Page behaviour - always redirect to the page you specified in the Control Panel.
    <br />
    <br />However you can help yourself with a simple custom PHP redirect script
    <i>(place it @ @ line 1 of your document)</i> which checks whether the "kt_login_id" Session Variable is set, and if it´s not set, redirect to a different login page:
    <br />
    <br /><?php<br />if (!isset($_SESSION['kt_login_id'])) {<br />header('Location: http://www.example.com/directory/login.php') ;<br />}<br />?>
    <br />
    <br />Hint: users who login via a different login page will still be redirected to ADDT´s default login page when logging out
    <br />
    <br />Cheers,
    <br />Günter Schenk
    <br />Adobe Community Expert, Dreamweaver

  • Not able to access the portal login page and idenetity console page

    Hi all.
    I installed PS 6.1 on a new Solaris 8 Box. DNS is not configured for this box.
    I use netscape browser on the solaris boz to test my installation - everything is fine
    issue:
    When i tried to access the amconsole or amserver/UI/Login application, it bombs with the following exception.
    but i can see the default webserver page (or any static html for that matter).
    any clue?
    10/28/2003 03:22:22:776 PM EET: Thread[Thread-195,5,main]
    ERROR: Exception occured
    java.lang.Exception: Service URL not found:session
    at com.iplanet.services.naming.WebtopNaming.getServiceURL(WebtopNaming.java:180)
    at com.iplanet.dpro.session.Session.getSessionServiceURL(Session.java:686)
    at com.iplanet.dpro.session.Session.getSessionServiceURL(Session.java:668)
    at com.iplanet.dpro.session.Session.getSession(Session.java:540)
    at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:73)
    at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:280)
    at com.sun.identity.authentication.service.AuthUtils.getOrigLoginURL(AuthUtils.java:1546)
    at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:253)
    at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:783)
    at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:434)
    at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:312)
    at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:282)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.iplanet.server.http.servlet.NSServletRunner.invokeServletService(NSServletRunner.java:919)
    at com.iplanet.server.http.servlet.WebApplication.service(WebApplication.java:1061)
    at com.iplanet.server.http.servlet.NSServletRunner.ServiceWebApp(NSServletRunner.java:981)

    I am facing the same problem. I am using Custom Authentication module. When I access the login page for this custom authentication module I got this error. I have DNS entry and added the IP Adress in the host file too. Anyone tell us, what could be the problem?

  • Login error in the login page ...

    Hi all,
    I have a few applications in my work space but one of the application I can not run, when try to run getting this error message -
    ORA-06550: line 1, column 10: PLS-00201: identifier 'RATIS_USER.IS_ADMIN' must be declared ORA-06550: line 1, >column 7: PL/SQL: Statement ignoredIn the debug section, it shows the following -
    0.02:0.02: S H O W: application="37206" page="101" workspace="" request="" session="3410044959524885"
    0.03: alter session set nls_language="ENGLISH"
    0.03: alter session set nls_territory="UNITED KINGDOM"
    0.03: NLS: CSV charset=WE8MSWIN1252
    0.03: ...NLS: Set Decimal separator="."
    0.03: ...NLS: Set NLS Group separator=","
    0.03: ...NLS: Set date format="DD-MON-RR"
    0.03: ...Setting session time_zone to -05:00
    0.03: NLS: Language=en-gb
    0.03: Application 37206, Authentication: CUSTOM2, Page Template: 5425767280642058915
    0.03: ...Session ID 3410044959524885 can be used
    0.03: ...New Instance Detected - :4500:4350:4000:50843
    0.03: ...Application session: 3410044959524885, user=TAJUDDIN335
    0.03: ...Determine if user "TAJUDDIN335" workspace "2617034107818392993" can develop application "37206" in workspace "2617034107818392993"
    0.03: Session: Fetch session header information
    0.03: ...Metadata: Fetch page attributes for application 37206, page 101
    0.03: Fetch session state from database
    0.03: Branch point: BEFORE_HEADER
    0.03: Authorization Check: "5474429220436784237" User: "TAJUDDIN335" Component: "APPLICATION"
    0.03: Fetch application meta data
    0.04: Computation point: ON_NEW_INSTANCE
    0.04: ...Perform computation of item: F102_APP, type=STATIC_ASSIGNMENT
    0.04: ...Performing static computation
    0.04: ...Session State: Save "F102_APP" - saving same value: "RATIS - Recreation And Tourism Information System "
    0.04: ...New Session = True
    0.04: Processing point: AFTER_AUTHENTICATION
    0.04: ...Process "set_is_admin": PLSQL (AFTER_AUTHENTICATION) IF ratis_user.is_admin(:APP_USER) THEN :F102_IS_ADMIN := 'TRUE'; ELSE :F102_IS_ADMIN := 'FALSE'; END IF;
    0.04: Encountered unhandled exception in process type PLSQL
    0.04: Show ERROR page...
    0.04: Performing rollback...
    0.05: Processing point: AFTER_ERROR_HEADER
    >
    I could not find anything in the login page 101, I had one custom_authentication package which I have removed but still the same error. Any ideas ....!!!
    Thanks in advance,
    Tajuddin

    Looks like you have an on-new instance application process that calls a non-existent function "ratis_user.is_admin".
    Scott

  • Getting AADSTS50020 error on microsoft login page when using Azure Active Directory Authentication

    We have implemented Azure Ad single sign on using auto generated code from Visual studio 2013 with organization account authentication and its working fine.
    The problem is when user is logged in in azure management portal with his live account and in other tab he try to open our app, then he directly gets below error on Microsoft login page.
    Additional technical information:
    Correlation ID: 78e13474-6f92-40ec-b463-91e36a6dae84
    Timestamp: 2015-04-14 12:27:20Z
    AADSTS50020:
    User account '[email protected]' from external
    identity provider 'live.com' is not supported for application
    'https://xxxxx.onmicrosoft.com/xxxx'. The account needs to
    be added as an external user in the tenant. Please sign out and sign in
    again with an Azure Active Directory user account.
    It works fine if I log out from management portal. Is there any way to resolve this issue without forcing user to log out from live account(management portal)?

    I assume you created a web application using VS2013 which uses the WS-Federation protocol.
    The behavior that you are seeing is expected Single-sign-on because you are logged in using the live account in the management portal.
    For WS-Federation, there is no current way for a caller to specify they want to force a fresh login, so the behavior is always the equivalent of LoginBehavior.Normal.
    The user will need to either sign-out or use an in-private session in the browse.
    If you switch to openID connect(sample at
    https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet) and use the “prompt=login” query paramerter in the sign in request, this will force a fresh login.

  • Unable to reach Workspace Login Page

    Hi,
    First some background - I am an Apex developer / administrator. I do not have a DBA background. DBAs install the Apex software and I administer the webserver (although my experience with webservers is that which I've picked up using Apex) and develop applications.
    We are currently upgrading our DEV, QA and PROD APEX installations from 2.2.1 to 3.1.1 (specifically 3.1.1.00.09).
    We are using Oracle HTTP Server from the Oracle 10.1 companion disk.
    We completed this for our DEV and QA environments without a problem. We have not done this for our PROD environment yet.
    We also installed APEXLIB 1.7 in both DEV and QA. This was working successfully in DEV. We had not tried it yet in QA.
    Both 3.1.1 upgraded environments have been running successfully for about 10 days since the upgrade.
    However our QA environment (Oracle 10.2.0.3 running on HP-UX B.11.11 ) experienced a problem yesterday - we can no longer access any Apex applications including the Workspace login pages or application login pages.
    The error we get in the browser is:
    Expecting p_company or wwv_flow_company cookie to contain security group id of application owner.
    Error ERR-7620 Could not determine workspace for application ().
    We experienced a problem with our QA environment before (prior to upgrade) and we needed to flush the shared pool a few months ago as a temporary fix for this as has been noted on this forum. The problem in question was addressed in this forum post: Re: ORA-06502:PL/SQL: numeric or value error: NULL index table key value
    However, with the current problem, flushing the shared pool has not solved the issue. It may not be related.
    When we access the workspace login page: http://our_url/apex/crmqa/f?p=4550:1, I see nothing in the Apache logs to indicate an error.
    The access_log.xxx file in the Apache logs lists this ...
    ip_address_here - apex_public_user [16/Jul/2008:15:15:15 -0500] "GET /apex/crmqa/f?p=4550:1 HTTP/1.1" 200 455
    The error_log.xxx file is empty.
    I temporarily turned on mod_plsql logging
    When I tried to access http://our_url/apex/crmqa/f?p=4550:1
    The cid1.log file contained...
    <337703562 ms>[ReqStartTime: 16/Jul/2008:15:23:43]
    <337703562 ms>Request ID ReqID:6136_1216239823
    <337703562 ms>Connecting to database with connect string : "(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=ip_address_here)(PORT=1526)))(CONNECT_DATA=(SID=crmqa1)))"
    <337704171 ms>Doing alter session set nls_language= "AMERICAN" nls_territory= "AMERICA"
    <337704171 ms>OpenCursor
    <337704234 ms>Altered session to nls_language=AMERICAN nls_territory=AMERICA
    <337704234 ms>DeinitCursor
    <337704234 ms>OpenCursor
    <337704453 ms>DBCharSet is AMERICAN_AMERICA.WE8ISO8859P1, OWAVersion 10.1.2.0.6, 1001020006 (rc=0)
    <337704453 ms>DeinitCursor
    <337704453 ms>OpenCursor
    <337704453 ms>(wpd.c,1757) Logged in as (unknown)
    <337704453 ms>(wpx.c,559) Going to select...
    <337704453 ms>(wpx.c,613) Have been asked to execute a request
    <337704453 ms>(wppa.c,326) Building Arglist based on Parsed Content from WRB
    <337704453 ms>(wppa.c,1007) Enter ParseUrlData
    <337704453 ms>GET
    <337704453 ms>(wppa.c,1056) Getting Values from QUERY_STRING
    <337704453 ms>[headers begin]
    <337704453 ms>[headers end]
    <337704453 ms>p=4550:1
    <337704453 ms>(wppa.c,1499) indx = 1, entryCnt = 1
    <337704453 ms>(wppa.c,1849) Listing distinct actual names:
    <337704453 ms>(wppa.c,1851) p
    <337704453 ms>(wppa.c,1853) Listing actuals of array with large entries:
    <337704453 ms>(wppa.c,1858) Listing distinct actual names and values:
    <337704453 ms>(wppa.c,1890) p, type = 0, value (7) = 4550:1
    <337704453 ms>(wppa.c,421) Arglist built, 1 unique entries
    <337704453 ms>(wpx.c,620) Going to wpprodb_OciDoBlock...
    <337704453 ms>(wpd.c,2734) Cache enabled. Gathering cache information.
    <337704453 ms>(wpd.c,2752) Language for this request is en-us
    <337704453 ms>(wpd.c,2803) Using user apex_public_user for caching.
    <337704453 ms>cache: Checking for user level hit
    <337704453 ms>cache: Cache MISS user - D:\oracle\product\10.1.0\db_1/Apache/modplsql/cache\plsql\712\2063
    <337704453 ms>cache: Checking for system level hit
    <337704453 ms>cache: Cache MISS system - D:\oracle\product\10.1.0\db_1/Apache/modplsql/cache\plsql\sys\878\4773
    <337704453 ms>(wppr.c,393) start working with f
    <337704453 ms>(wppr.c,1005) The CALL block: len=503, bind_count=9
    declare
    rc__ number;
    start_time__ binary_integer;
    begin
    start_time__ := dbms_utility.get_time;
    owa.init_cgi_env(:n__,:nm__,:v__);
    htp.HTBUF_LEN := 84;
    null;
    null;
    null;
    null;
    f(p=>:p);
    if (wpg_docload.is_file_download) then
    rc__ := 1;
    wpg_docload.get_download_file(:doc_info);
    null;
    null;
    null;
    commit;
    else
    rc__ := 0;
    null;
    null;
    null;
    commit;
    owa.get_page(:data__,:ndata__);
    end if;
    :rc__ := rc__;
    :db_proc_time__ := dbms_utility.get_time - start_time__;
    end;
    <337704453 ms>(wppr.c,462) Pl/sql block parsed...
    <337704453 ms>(wpdenv.c,1495) CGI Environment has 29 vars. Max name len 128, Max Value Len 128
    <337704453 ms> PLSQL_GATEWAY(14)=(6)WebDb
    <337704453 ms> GATEWAY_IVERSION(17)=(2)2
    <337704453 ms> SERVER_SOFTWARE(16)=(59)Oracle-Application-Server-10g/9.0.4.0.0 Oracle-HTTP-Server
    <337704453 ms> GATEWAY_INTERFACE(18)=(8)CGI/1.1
    <337704453 ms> SERVER_PORT(12)=(3)80
    <337704453 ms> SERVER_NAME(12)=(12)server_name_here
    <337704453 ms> REQUEST_METHOD(15)=(4)GET
    <337704453 ms> QUERY_STRING(13)=(9)p=4550:1
    <337704453 ms> PATH_INFO(10)=(3)/f
    <337704453 ms> SCRIPT_NAME(12)=(12)/apex/crmqa
    <337704453 ms> REMOTE_ADDR(12)=(14)remote_ip_address_here
    <337704453 ms> SERVER_PROTOCOL(16)=(9)HTTP/1.1
    <337704453 ms> REQUEST_PROTOCOL(17)=(5)HTTP
    <337704453 ms> REMOTE_USER(12)=(17)apex_public_user
    <337704453 ms> HTTP_USER_AGENT(16)=(95)Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
    <337704453 ms> HTTP_HOST(10)=(12)hostname_here
    <337704453 ms> HTTP_ACCEPT(12)=(4)*/*
    <337704453 ms> HTTP_ACCEPT_ENCODING(21)=(14)gzip, deflate
    <337704453 ms> HTTP_ACCEPT_LANGUAGE(21)=(6)en-us
    <337704453 ms> HTTP_ORACLE_ECID(17)=(37)1216239823:ecid_ip_address_here??:7200:6136:1,0
    <337704453 ms> WEB_AUTHENT_PREFIX(19)=(1)
    <337704453 ms> DAD_NAME(9)=(6)crmqa
    <337704453 ms> DOC_ACCESS_PATH(16)=(5)docs
    <337704453 ms> DOCUMENT_TABLE(15)=(23)wwv_flow_file_objects$
    <337704453 ms> PATH_ALIAS(11)=(1)
    <337704453 ms> REQUEST_CHARSET(16)=(5)UTF8
    <337704453 ms> REQUEST_IANA_CHARSET(21)=(6)UTF-8
    <337704453 ms> SCRIPT_PREFIX(14)=(6)/apex
    <337704453 ms> HTTP_IV_USER(13)=(1)
    <337704453 ms>StrArrPosBind pos 2 Charset Id : 871
    <337704453 ms>StrArrPosBind pos 3 Charset Id : 871
    <337704453 ms>StrArrPosBind pos 6 Charset Id : 871
    <337704781 ms>(wpd.c,1954) Begin header parsing...
    <337704781 ms>(wpd.c,2003) Got a line (47 bytes): X-ORACLE-IGNORE: IGNORE
    <337704781 ms>(wpd.c,2021) X-ORACLE-IGNORE parsed
    <337704781 ms>(wpd.c,2003) Got a line (47 bytes): X-ORACLE-IGNORE: IGNORE
    <337704781 ms>(wpd.c,2021) X-ORACLE-IGNORE parsed
    <337704781 ms>(wpd.c,2003) Got a line (47 bytes): X-ORACLE-IGNORE: IGNORE
    <337704781 ms>(wpd.c,2021) X-ORACLE-IGNORE parsed
    <337704781 ms>(wpd.c,2003) Got a line (47 bytes): X-ORACLE-IGNORE: IGNORE
    <337704781 ms>(wpd.c,2021) X-ORACLE-IGNORE parsed
    <337704781 ms>(wpd.c,2003) Got a line (77 bytes): Content-type: text/html; charset=UTF-8
    <337704781 ms>(wpd.c,2102) Parsed header - Content-Type:text/html; charset=UTF-8
    <337704781 ms>(wpd.c,2003) Got a line (49 bytes): X-DB-Content-length: 443
    <337704781 ms>(wpd.c,2162) Parsed header - X-DB-Content-length:443
    <337704781 ms>(wpd.c,2003) Got a line (1 bytes):
    <337704781 ms>(wpd.c,2010) End of headers detected
    <337704843 ms>(wpcs.c, 76) Executed 'begin dbms_session.reset_package; end;' (rc=0)
    <337704843 ms>(wpd.c,1812) Going to close cursor
    <337704843 ms>DeinitCursor
    <337704843 ms>(wpx.c,626) Normal completion
    <337704843 ms>(wpx.c,654) Shutdown has been called
    <337704843 ms>(wpx.c,666) Going to logoff
    <337704843 ms>Logoff: Pooling this connection
    <337704843 ms>[ReqEndtime: 16/Jul/2008:15:23:44]
    <337704843 ms>[ReqExecTime: 1281 ms]
    and the 6136.log file contained...
    <337703562 ms>[ReqStartTime: 16/Jul/2008:15:23:43]
    <337703562 ms>Request ID ReqID:6136_1216239823
    <337703562 ms>(wpdenv.c,663) script_name='/apex/crmqa' path_info='/f'script_prefix='/apex' dad_name='crmqa'
    <337703562 ms>(wpdenv.c,776) User-Agent is Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
    <337703562 ms>(wpdenv.c,1388) dadname = 'crmqa', path_info = 'f'
    <337703562 ms>(wpdenv.c,1427) Service will NOT use dynamic auth
    <337703562 ms>(wpx.c,387) Initialized successfully 0
    <337703562 ms>(wpx.c,309) SetRemoteUser : Remote User set to apex_public_user for this request.
    <337703562 ms>(wpx.c,476) Auth info from .APP file is being used
    <337703562 ms>(wpd.c,1724) Attempting to logon with '(unknown)'
    <337704843 ms>Maximum memory allocated by the request is 75158 bytes
    <337704843 ms>[ReqEndtime: 16/Jul/2008:15:23:44]
    <337704843 ms>[ReqExecTime: 1281 ms]
    The DAD config file contains the following entries...
    # ============================================================================
    # mod_plsql DAD Configuration File
    # ============================================================================
    # 1. Please refer to dads.README for a description of this file
    # ============================================================================
    # /i contains version 221 images
    Alias /i "D:\oracle\product\10.1.0\db_1\Apache\Apache\images"
    Alias /i31 "D:\oracle\product\10.1.0\db_1\Apache\Apache\images311"
    <Location /apex/crmqa>
    SetHandler pls_handler
    Order deny,allow
    Allow from all
    AllowOverride None
    PlsqlCGIEnvironmentList HTTP_IV_USER
    PlsqlDatabaseUsername apex_public_user
    PlsqlDatabasePassword xxx
    PlsqlDatabaseConnectString ip_address:port_number:crmqa1
    PlsqlDefaultPage apex
    PlsqlDocumentTablename wwv_flow_file_objects$
    PlsqlDocumentPath docs
    PlsqlDocumentProcedure wwv_flow_file_mgr.process_download
    PlsqlAuthenticationMode Basic
    PlsqlNLSLanguage AMERICAN_AMERICA.UTF8
    </Location>
    <Location /apex/crmdev>
    SetHandler pls_handler
    Order deny,allow
    Allow from all
    AllowOverride None
    PlsqlCGIEnvironmentList HTTP_IV_USER
    PlsqlDatabaseUsername apex_public_user
    PlsqlDatabasePassword xxx
    PlsqlDatabaseConnectString ip_address:port_number:crmdev1
    PlsqlDefaultPage apex
    PlsqlDocumentTablename wwv_flow_file_objects$
    PlsqlDocumentPath docs
    PlsqlDocumentProcedure wwv_flow_file_mgr.process_download
    PlsqlAuthenticationMode Basic
    PlsqlNLSLanguage AMERICAN_AMERICA.UTF8
    </Location>
    The DAD entries above point to databases on which Apex is version 3.1.1 and we have modified the image prefix on these database to be a value of /i31, using the script reset_image_prefix.sql.
    This DAD file also contains DAD entries (not included above) for other database running Apex 2.2.1 which are using the default image prefix value of /i
    I can ping the database ip address from the machine on which the OHS webserver is running.
    I have installed OHS on my local laptop and have the same problems.
    I can however execute a procedure on the database using the same OHS / DAD configuration running something like http://our_url/apex/crmqa/schema_name.test_connection?v_wait=1where the proc test_connection proc sleeps for v_wait seconds before returning a simple html page confirming that it worked.
    I can login to the apex_public_user account via my SQL Developer client
    At this point I do not know what else to try to resolve this issue. I am about to start trawling through metalink for related issues if I can find anything.
    Any assistance is very much appreciated...
    Thank you.
    Alan

    I also see this post on Metalink - could it be related?
    https://metalink.oracle.com/metalink/plsql/f?p=130:14:12042222629340980284::::p14_database_id,p14_docid,p14_show_header,p14_show_help,p14_black_frame,p14_font:NOT,429261.1,1,1,1,helvetica
    Subject: After upgrading database to 10.2.0.X, getting ORA-06502: PL/SQL: numeric or value error:
    Doc ID: Note:429261.1 Type: PROBLEM
    Last Revision Date: 08-MAY-2008 Status: MODERATED
    In this Document
    Symptoms
    Changes
    Cause
    Solution
    References
    This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process, and therefore has not been subject to an independent technical review.
    Applies to:
    Oracle Application Express (formerly HTML DB) - Version: 2.0.0.0.49
    This problem can occur on any platform.
    Symptoms
    On the Application builder page, when attempting to click details to view the applications, the following error occurs:
    ORA-06502: PL/SQL: numeric or value error: NULL index table key value
    However, the problem seems to disappear after a while..
    Changes
    Upgrade of database (from any version to 10.2.0.1 or 10.2.0.2)
    Cause
    The reason is due to database Bug 4752541 Abstract: APPSST 10G: ORA-6550 AFTER UPGRADE TO 10.2.0.1. However Patch 47552541 is obsoleted and not available via metalink, it was superceded by Patch 5705795.
    This bug is fixed in patchset 10.2.0.4 and above. For current and older versions, Patch 5705795 must be applied. If the patch cannot be found for a particular version or O/S , log a service request with Oracle Support to obtain the patch.
    This is also documented in the Apex forum page: Re: wwv_flow.accept error lists the following bug as
    root cause.
    Solution
    Interim solution:
    Flush the database shared pool when the problem occurs
    Permanent solution:
    Upgrade database to 10.2.0.4 or above
    OR
    Download and apply database Patch 5705795. If the version for your database is not available , create a new Service request from metalink under product RDBMS to request for a patch
    References
    Bug 4752541 - APPSST 10G: ORA-6550 AFTER UPGRADE TO 10.2.0.1
    Keywords
    UPGRADE~DATABASE; UPGRADE~TO~10.2.0.4; UPGRADE~TO~10.2.0.1; APPLICATION~DETAILS; UPGRADE~FROM~10.2.0.2; UPGRADE~TO~10.2.0.3; VIEW~DETAILS;

Maybe you are looking for