Proxyless clustering and SSL session state

The current 6.0 docs are a bit quiet on SSL and clustering, so can I check
          whether it is the case that when proxy-less clustering is used with SSL, a
          failover results in a new certificate exchange and crypto session
          establishment? In other words, the clustering isn't attempting to replicate
          the SSL session state or similar super-subtle strategy.
          Thanks!
          Alex Thomas
          Lehman Brothers
          London

          "Alex Thomas" <[email protected]> wrote in message
          news:[email protected]..
          > The current 6.0 docs are a bit quiet on SSL and clustering, so can I check
          > whether it is the case that when proxy-less clustering is used with SSL, a
          > failover results in a new certificate exchange and crypto session
          > establishment? In other words, the clustering isn't attempting to
          replicate
          > the SSL session state or similar super-subtle strategy.
          Alex,
          A failover will result in a new SSL connection being started. As you say
          this will mean that certificate exchange and session key exchange will occur
          again. All of the replicated state is kept at a higher level in the server
          so that we can use different SSL implementations including hardware
          accelerators.
          Regards,
          Adam

Similar Messages

Adobe Air and maintaining session state

OK, here's a short run down. I'm working on an Air app per client request. It's a tight time frame so I'm going the HTML/JavaScript route since that is what I know. I've only been digging into this for a couple of days, read a handful of tutes and articles but I just haven't found this yet.
What are some methods for maintaining some session-like variables throughout the app (since it will have multiple html "pages")?
I've seen where some are using an encrypted local store, not sure I really want to do that as this app will be in a public place. I suppose I could use an encrypted querystring - not sure of the implications there. What else is there? I've also played around with SharedObject but can't seem to persist it between pages.

I dont think its possbile since stopping and restarting gets new sessions. Only way that I would know would be to use cookies.
But then again i dont like the idea of saving passwords in cookies

SSL Session resume

WLS 6.1 (Solaris 8)
Apache 1.3
We are using an EJB to create an HTTPSConnection (SSL connection) to a
third party to retrieve data displayed in a JSP. We are using the
Weblogic SSL implementation.
I turned on the "-DSSL.debug" info and it looks like a new SSL session
is being created for each request to our third part (it goes through
the whole handshake every time).
Is there any way to have the SSL session resumed using the Weblogic
SSL implementation? During development, I was able to get the JSSE
implementation to resume session by keeping the same URL object
around...so I figured Weblogic would work the same way.
If anyone knows how the Weblogic SSL session manager works, I'd love
to hear about it. I read that SSL sessions were supposed to be fixed
back in 5.1SP10, but that sounded like it was for Weblogic clients so
maybe Weblogic "as the client" is different?
Thanks,
Chris

Hi, Chris --
The fixes to SSL session caching appear in WLS 6.1 SP11 and WLS 6.1 SP3.
A WebLogic SSL client would normally retain its current session ID;
however, this SSL session state information is associated only with the
"current thread" - which might explain in part why new SSL sessions
are being negotiated on subsequent calls to the EJB.
-- Jim
P.S. You may want to consider opening a case with WebLogic Support to
explore this question further.
Chris Snyder wrote:
>
WLS 6.1 (Solaris 8)
Apache 1.3
We are using an EJB to create an HTTPSConnection (SSL connection) to a
third party to retrieve data displayed in a JSP. We are using the
Weblogic SSL implementation.
I turned on the "-DSSL.debug" info and it looks like a new SSL session
is being created for each request to our third part (it goes through
the whole handshake every time).
Is there any way to have the SSL session resumed using the Weblogic
SSL implementation? During development, I was able to get the JSSE
implementation to resume session by keeping the same URL object
around...so I figured Weblogic would work the same way.
If anyone knows how the Weblogic SSL session manager works, I'd love
to hear about it. I read that SSL sessions were supposed to be fixed
back in 5.1SP10, but that sounded like it was for Weblogic clients so
maybe Weblogic "as the client" is different?
Thanks,
Chris--
Jim Brown
Developer Relations Engineer
BEA Support

Session state protection violation

I turned on the session state protection on my application, the setting for Application Item, Page Data Entry Item and page display-only item are "checksum-required, application level". I want the URL to be shared by user in different sessions (for example bookmark). when I open two browsers (IE, Firefox) and login as same user, I copied/pasted url from one browser to another and received "Session state protection violation: This may be caused by manual alteration of a URL containing a checksum or by using a link with an incorrect or missing checksum."
Did I misunderstand the intent usage of this feature? I also noticed that checksum generated by the system remains the same no matter what checksum level I set (application, user, session).
I am running APEX 3.1.0.00.32.

Cheng-Lu,
I didn't forget you, this was a very difficult problem to debug.
I think I have a workaround for you. I added a page process to your login page named "fix deep link item". This restores the value of FSP_AFTER_LOGIN_URL that gets passed to this login page and is supposed to be immediately saved in session state. Due to a bug, this value was getting truncated to "f" before it could be saved. The new page process looks at the current URL and uses the value there which is still intact and saves that value in session state. I tested it with your applications. Please let me know if this works. We'll make a proper fix in the 3.2 release.
So this was not a problem with session state protection but in the "f" procedure which parses argument names/argument values in f?p URLs. This gets tripped up when an argument value contains a pattern like &cs= which is first treated as an argument to the orignal "f" call and therefore is never seen as an argument value in the list of arguments.
I have some other observations about your applications. I see that they have code in the page sentry function attribute of the authentication scheme. The code you have in there is completely unnecessary and could actually make the application less secure. You should leave this attribute empty and let the default (built-in) page sentry do all the work.
Scott

Problem with application item and session state

Okay, let's see if I can explain this problem coherently.
I have a small app (one page), with an application item, F_WHERE_CLAUSE.
This page has three regions in which there are items that the users can populate for search conditions. A couple of these items are "select list with submit" (I still need to upgrade to the AJAX method, I know). There is another region which has one hidden field, called P1_WHERE_CLAUSE. This field is defined to "Always, replacing any value in session state..." with source type of "Item (application or page.....", and a source value of F_WHERE_CLAUSE with no default value.
I have a button called "Search" which submits the page and fires a PL/SQL process which builds a where condition based upon the other page items and stores the value to the application item F_WHERE_CLAUSE (correctly).
For testing, I've made the P1_WHERE_CLAUSE field visible so that I can see what's going on. I've also clicked the debug and session buttons to help trace this. After I click the "Search" button and the page submits, debug shows:
0.02: ...Session State: Save "P1_WHERE_CLAUSE" - saving same value: "1=1"
followed later by:
0.05: ...Session State: Saved Item "F_WHERE_CLAUSE" New Value="lower(primary_class) = 'rock' and country = 'Spain'"
The field P1_WHERE_CLAUSE displays with the correct search criteria as signified by F_WHERE_CLAUSE above. However, If I click the "session" button to view the session state values, P1_WHERE_CLAUSE shows up as:
P1_WHERE_CLAUSE Textarea 1=1 U while F_WHERE_CLAUSE displays the correct value still.
The reason this "problem" came up, is that this page also has three SQL report regions which use &P1_WHERE_CLAUSE. for the where condition. While they display the correct results on-screen, each report region also has the "Export to csv" enabled, and the export seems to be using the "1=1" condition (from the "session" window) instead of the search criteria that the on-screen region is using (F_WHERE_CLAUSE and the displayed P1_WHERE_CLAUSE), resulting in a retreival of all records.
Anybody have any idea what's going on and why, and how to get the csv export to use the correct value for the where condition?
Thanks,
Bill Ferguson

It appears the "Export to CSV" functionality requires the item value to be set in session state. The P1_WHERE_CLAUSE item value never gets saved to session state. The page is rendered and the value is put in the item on the page but until you submit the page session state doesn't know what P1_WHERE_CLAUSE is.
Create a before header computation or process to set the value of P1_WHERE_CLAUSE (which will save it to session state). It is interesting that the report regions didn't need to look at the value in session state but the "export to csv" does.
--Jeff

Interactive Report Download and Session State Protection

I have created an Interactive Report in an APEX application that I have enabled
session state protection for. The issue I am having is with the "Download"
functionality of the interactive report to a .csv file.
The URL created by selecting Download from the drop down (javascript:gReport.controls.download();)
is built or constructed without a checksum thus causing the error below.
Error
No checksum was provided to show processing for a page that
requires a checksum when one or more request, clear cache, or argument
values are passed as parameters.
The anchor tag containing the URL (/f?p=app_id:page:session_id:CSV:) is contained within
<div id="apexir_CONTROL_PANEL_DROP" class="drop_panel
clearfix" style="">
Running the following: Application Express 3.1.0.00.32 on Oracle Database 10g Enterprise Edition Release 10.2.0.3.0
Is there a way to add a checksum to this? OR does anyone have any ideas on how to work around this?
Edited by: Bryce Tuohy on Feb 26, 2009 10:08 AM

WORKAROUND:
1.) Create hidden ITEM on page (I named it P23_PREPARED_CSV_DOWNLOAD_URL).
Enter the following for the ITEM
as the SOURCE_TYPE : PL/SQL Function Body
as the SOURCE: return apex_util.prepare_url('f?p=&APP_ID.:&APP_PAGE_ID.:&APP_SESSION.:CSV:')
2.) Create BUTTON that executes javascript to open POPUP window with this url.
a.) Create Button and enter
<a href="javascript:popupURL('&P23_PREPARED_CSV_DOWNLOAD_URL.')">Download and Save to CSV file</a>as the "Text Label/Alt"
Originally had custom code for javascript POPUP and this is not needed .... just use the APEX javascript function.
Edited by: Bryce Tuohy on Mar 5, 2009 10:47 AM

Session state and browser cache - Back button problem

Hi all,
I have a problem (and unless I'm missing something I think we all do) with session state and use of the browser's Back button. I really hope I'm just being dumb...
Background scenario:
Page P has a sidebar list allowing the user to select what content is displayed (e.g. 'stuff relating to X, Y or Z' where X, Y and Z are rows in, say, a table of projects). When a list entry is clicked, we branch to page P with the value of the list item placed in an application-level item (call it G_PROJECT). Reports on page P use G_PROJECT in their WHERE clauses.
So, click list entry X and G_PROJECT is set to X and page P shows reports for project X.
Page P also has a set of buttons which branch to various edit pages which allow attributes of page P's current project to be updated. These pages similarly use G_PROJECT in their WHERE clauses.
Problem scenario:
1. The user goes to page P and picks project X off the list. Project X's stuff is displayed (G_PROJECT = X).
2. The user then picks project Y off the list. Project Y's stuff is displayed (G_PROJECT = Y).
3. The user then clicks the browser's Back button. The page is served from browser cache, so project X's stuff is displayed, but G_PROJECT still = Y.
4. The user clicks an 'Edit' button; we submit, and branch to an edit page which displays (and will edit) data for project Y because G_PROJECT still = Y.
This is SERIOUSLY BAD NEWS - apart from being confusing, the user's edit permissions on projects X and Y may differ, and so the user may be able to perform 'illegal' updates.
I've read what I can on this forum and the rest of the web looking for ways to a) inhibit browsers' 'Back' functions and/or b) prevent pages being cached by the browser, but none of them have worked for me.
Short of waiting for browser manufacturers to recognise that the web is now full of applications as well as static pages, and enable robust programmatic control of cache behaviour, does anybody know how the problem can be avoided - or at least detected?
Thanks,
jd
Failed attempts to date:
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="cache-control" content="no-store">
<meta http-equiv="cache-control" content="private">
<meta http-equiv="cache-control" content="max-age=0, must-revalidate">
<meta http-equiv="expires" content="Wed, 09 Aug 2000 01:01:01 GMT">
<meta http-equiv="pragma" content="no-cache">
Disallowing duplicate submission (page attribute).
window.history.go(1);

Thanks Scott,
I may be being dumb here but I don't see how that would help...
P250_PROJECT and G_PROJECT are currently kept in sync by app logic. Whichever is used to drive, if the page is rendered from cache then the app logic is not executed, so the rendered page contents are not those keyed by P250_PROJECT, as illustrated in steps 1-4 of the problem above.
The user sees X, the session items say Y. The engine doesn't know what the user is seeing.
when page P is POSTed, its hidden item P250_PROJECT should always be used to derive the application item G_PROJECT. Then whether the page was pulled from cache or rendered anew via a click from the sidebar link, the project ID is determined by the contents of that page.
As I said above I tried this, with the 'Edit' branch set to:
Set these items: G_PROJECT
With these values: &P250_PROJECT.
but it makes no difference. The project ID is not determined by the rendered page contents - the engine gets the value of P250_PROJECT from session state.
I can code the 'Edit' pages such that they check permissions and if necessary redirect back to p250 (conditional before-header branch), but that's a clunky cure rather than the prevention I was hoping for.
Please tell me if my understanding is incorrect.
jd

Session state and item values

Hi,
Is it any possibility to bring the session state and an item value to a table?
Thank you

Hi,
For session id use APP_SESSION substitution string
http://download.oracle.com/docs/cd/E23903_01/doc/doc.41/e21674/concept_sub.htm#sthref160
Regards,
Jari
http://dbswh.webhop.net/dbswh/f?p=BLOG:HOME:0

Items not in session state when column link used and prevpage not submitted

I have a report on page 2 (cemetery lot info) with a column link to page 3 (burial info).
There is a process on page 3 that updates billing information using items from page 2, and billing code selected on page 3. The problem is, if the user does not submit page 2, session state is null, or has values from previously submitted page 2. How do I make sure the billing info is correctly updated from items displayed on page 2, if they are not in session state?
begin
if :P3_BILLING_CODE = 'OWN' then
:P3_BILLING_NAME := :P2_OWNER1_FIRSTNAME||' '||:P2_OWNER1_LASTNAME;
:P3_BILLING_ADDRESS1 := :P2_OWNER_ADDRESS1;
:P3_BILLING_ADDRESS2 := :P2_OWNER_ADDRESS2;
:P3_BILLING_CITY := :P2_OWNER_CITY;
:P3_BILLING_STATE := :P2_OWNER_STATE;
:P3_BILLING_ZIP := :P2_OWNER_ZIP;
:P3_BILLING_PHONE := :P2_OWNER_PHONE_AC||'-'||:P2_OWNER_PHONE_EX||'-'||:P2_OWNER_PHONE_SC;
elsif :P3_BILLING_CODE = 'MGR' then
:P3_BILLING_NAME := :P2_NEW_MANAGER;
:P3_BILLING_ADDRESS1 := :P2_NEW_MANAGER_STREET;
:P3_BILLING_ADDRESS2 := null;
:P3_BILLING_CITY := :P2_NEW_MANAGER_CITY;
:P3_BILLING_STATE := :P2_NEW_MANAGER_STATE;
:P3_BILLING_ZIP := :P2_NEW_MANAGER_ZIP;
:P3_BILLING_PHONE := :P2_MANAGER_PHONE_AC||'-'||:P2_MANAGER_PHONE_EX||'-'||:P2_MANAGER_PHONE_SC;
elsif :P3_BILLING_CODE = 'FH' then
:P3_BILLING_NAME := :P3_FUNERAL_HOME1;
:P3_BILLING_ADDRESS1 := :P3_FUNERAL_HOME_ADDRESS;
:P3_BILLING_CITY := :P3_FUNERAL_HOME_CITY;
:P3_BILLING_STATE := :P3_FUNERAL_HOME_STATE;
:P3_BILLING_ZIP := :P3_FUNERAL_HOME_ZIP;
:P3_BILLING_PHONE := :P3_FUNERAL_HOME_TELEPHONE;
end if;
update cm_burial set billing_name=:P3_BILLING_NAME, billing_address1=:P3_BILLING_ADDRESS1, billing_address2=:P3_BILLING_ADDRESS2, billing_city=:P3_BILLING_CITY, billing_state=:P3_BILLING_STATE, billing_zip=:P3_BILLING_ZIP, billing_phone=:P3_BILLING_PHONE
where recordid=:P3_RECORDID;
end;

Hello,
If I understand you correctly, it seems like your page logic is a bit problematic. The scenario I see is that the user is populating the form part, submiting the page, and the report region is being displayed (as the where clause depends on an item from the form region). Now, the situation you are describing, where the billing information is not correct, is possible if the user changed some of the form items on page 2, didn't submit the page – hence didn't update the report region – but still chose to branch to the next page, using the (non-updated) report link column. If I understand it correctly, you should first correct this situation. If the user is changing some details in the form section, the page should be re-submitted. This will resolve your problem, because as part of the page submit process, session state will be set correctly.
I believe this is the simplest and correct solution. Other options, like updating session state per changed item (using JavaScript) will be much more complicated.
Regards,
Arie.

Session state protection and read-only items

I have a requirement to create a report + form for a database table. In the form, there is mandatory database column that needs to be displayed but it should be read-only and its value derived using values entered elsewhere on the screen.
It tried Display Only, Read Only and Disabled but they either fall foul of session state protection violation or ORA-01400: cannot insert NULL. The best method that I've found was to add readonly="readonly" the item element, but this causes the input item to lose its APEX classes and I'd prefer a declarative solution anyway.
Anyone know the best approach?
I've created a DEMO - http://apex.oracle.com/pls/apex/f?p=READONLY - which demonstrates the 4 methods.
Edited by: KGelling on 17-May-2012 06:10

KGelling wrote:
The best method that I've found was to add readonly="readonly" the item element, but this causes the input item to lose its APEX classes and I'd prefer a declarative solution anyway.Looks like a bug to me. However a possible explanation/justification for this behaviour is that the HTML Form Element Attributes are often used to specify a custom class for the item, so the default class is removed to prevent any conflicts. IMO APEX needs to provide declarative support for the use of multiple, space-separated class values in page, region, item etc attributes.
As a workaround in this case, just include the class in the HTML Form Element Attributes:
class="number_field" readonly="readonly"
I've created a DEMO - http://apex.oracle.com/pls/apex/f?p=READONLY - which demonstrates the 4 methods.
Thanks for making the effort.

Application Items/Session State Values and Page Branching

I have users coming into a specific page in my application, passing in a value on the url that sets the value of an application item, where a validation routine occurs. If their session validates, I want to send them to one page, if it does not, I want to send them to a login error page.
During validation, I am setting the values of several application items so that these values can be saved and used throughout their session. The values appear to be setting correctly. I am concerned that setting the application items may not be limiting these values to a particular session. So, I have also tried setting the setting session state variables with code like:
apex_util.set_session_state ('F203_REQ', vReqID);
I found it curious though when I ran this page, not trying to branch so I could check session state, these values showed up as being application items and I saw nothing under session variables.
The problem I am having is that once validated I don't know how to branch to these other pages. I have tried adding some javascript in the header to force a page submit so that I could use a branch setup on the page. However, when it comes time to evaluate the branches (it's using one of the application item values I set earlier), I'm getting an error that no branch has been provided. Further research suggests the application item values are being cleared on the page submit.
So, (1) I either need to know how to preserve those values on submit so the page branch works or (2) I need to branch to the new page without using a page submit and instead doing that in a some code (assuming submit is clearing application item values). I have not been able to find an example of how to do this in code. If there is a way to do this in code, will the application item or session state variable values be retained? I will need these values to be available to the user throughout their session.
Thanks for the help,
Steve

Steve,
I am concerned that setting the application items may not be limiting these values to a particular session.They are set in the current session only.
It is hard to know what you are doing exactly without seeing it. If you set up an example on apex.oracle.com we could could address one specific question at at time.
Scott

Clustered session state replication

          We are new to WebLogic, vrs 8.1 server, and are trying to get session states to
          replicate within a cluster. We believe everything is set up per the Bea docs but
          in the end "the state" on the secondary does not seem to exist, or we do not know
          how to see it.
          Our environment:
          A domain with one admin server and four managed servers on a Sun server. Three
          of the managed servers are in a cluster, the fourth is the proxy server dispatching
          to the cluster using WebLogic HttpCluteredServlet. The app deployed to the cluster
          has the weblogic.xml session parameter for PersistentStoreType set to replciated.
          Everything runs fine till the end: A call to the app is received at the ProxyServer
          and is routed to a server in the cluster. The servlet creates a session object
          for the user. When the user executes the servlet a second time the session object
          is updated and a count is displayed to the user for each subsequent hit to the
          servlet. The session object (a java object) is serialized. Then we kill the primary
          server that is used to comunicate with the user requests. The proxyServer then
          directs the user to a different server within the cluster as it should, but the
          session object from the primary server (now killed) does not appear to be on the
          new server since a new session object gets created.
          Any ideas?


Warren Anderson wrote:
          > We are new to WebLogic, vrs 8.1 server, and are trying to get session states to
          > replicate within a cluster. We believe everything is set up per the Bea docs but
          > in the end "the state" on the secondary does not seem to exist, or we do not know
          > how to see it.
          >
          > Our environment:
          >
          > A domain with one admin server and four managed servers on a Sun server. Three
          > of the managed servers are in a cluster, the fourth is the proxy server dispatching
          > to the cluster using WebLogic HttpCluteredServlet. The app deployed to the cluster
          > has the weblogic.xml session parameter for PersistentStoreType set to replciated.
          >
          > Everything runs fine till the end: A call to the app is received at the ProxyServer
          > and is routed to a server in the cluster. The servlet creates a session object
          > for the user. When the user executes the servlet a second time the session object
          > is updated and a count is displayed to the user for each subsequent hit to the
          > servlet. The session object (a java object) is serialized. Then we kill the primary
          > server that is used to comunicate with the user requests. The proxyServer then
          > directs the user to a different server within the cluster as it should, but the
          > session object from the primary server (now killed) does not appear to be on the
          > new server since a new session object gets created.
          >
          > Any ideas?
          Did you make sure everything in the session is serializable or remote?
          -- Prasad

Controlling Session State and Submit Processing

I am trying to gain a fundamental understanding of how to control submit processing and session state, etc.
For example, I have a popup lov that lists names and returns id for the parent record. When the user make the selection using this pop lov, I then have an id that I want to use to lookup the default value for another field.
How do you submit a page for re-rendering (i.e, you have condition expressions referencing values that the use has set) without triggering the auto dml and page branch?
For example, I have a form for specifying tns names with 2 buttons, 'Advanced Config' and 'Basic Config'. The idea is to hide/show items corresponding to basic or adv. config options, etc.
My first approach was to have the buttons do a redirect to the same page, setting P5_USE_ADV_CONFIG_YN to Y or N without clearing the cache. When the page refreshes, the conditional rending has occured as desired (i.e., I set the condition on my form items to reference P5_USE_ADV_CONFIG = Y or N, etc.), but user's data values have been lost since the record was reloaded from the database.
So..I tried putting a condition on the fetch procedure to prevent the record from being re-read. However, this left all the fields empty which indicates that the item's session state has been completed cleared! Huh? I didn't want ask for or want this behavior. Hmmm.
So, I start thinking that the persisted session wasn't updated since I didn't do a submit and so when the page was requested, it behaved as it should, but not what I had in mind. THUS...I believe I need to submit the page and prevent the auto-dml and page branching afterwards....but how? I feel that I am missing something very fundamental here and that the answer may also help me with other related questions:
* How does the confirm delete examples work? How is the processing stopped when the user presses cancel?
* How can you do validations and stop dml processing without losing the user values?
* How can you display and error page and then return to where the user was with the values still present?
* How can I do a secondary sql value lookup based on the users selection in a popup lov? (User selects a Database/DbID - then I want to lookup host using DbId)
I haven't been successful understanding this from the manuals, but someone can point me to some material that explains submit processing, redirects, etc. I would be happy to do some more digging.
Thanks greatly in advance.

Thanks Scott,
I may be being dumb here but I don't see how that would help...
P250_PROJECT and G_PROJECT are currently kept in sync by app logic. Whichever is used to drive, if the page is rendered from cache then the app logic is not executed, so the rendered page contents are not those keyed by P250_PROJECT, as illustrated in steps 1-4 of the problem above.
The user sees X, the session items say Y. The engine doesn't know what the user is seeing.
when page P is POSTed, its hidden item P250_PROJECT should always be used to derive the application item G_PROJECT. Then whether the page was pulled from cache or rendered anew via a click from the sidebar link, the project ID is determined by the contents of that page.
As I said above I tried this, with the 'Edit' branch set to:
Set these items: G_PROJECT
With these values: &P250_PROJECT.
but it makes no difference. The project ID is not determined by the rendered page contents - the engine gets the value of P250_PROJECT from session state.
I can code the 'Edit' pages such that they check permissions and if necessary redirect back to p250 (conditional before-header branch), but that's a clunky cure rather than the prevention I was hoping for.
Please tell me if my understanding is incorrect.
jd

Session state and PDF building

Trying to get a application report to use a few variables in a report being built from APEX. I have gone through and built the application report and SQL, I clicked on 3 items that are in session state, to push them through to the XML file being produced.
However, when I open that xml file I find the following:
<P167_END_DTE></P167_END_DTE>
<P167_FACILITES></P167_FACILITES>
<P167_START_DTE></P167_START_DTE>
The 3 session items are NOT returning values to the XML file produced. Is there a possibility I have missed something?
Using Apex 3.0.... I have selected the Advance XML structure (to include session information)
Please advise..
Thank you,
Tony Miller
UTMB/EHN

Tony & Costantino:
When downloading the XML you don't have access to the session state of your application. Only when running you application will the underlying XML structure actually be populated with your session state values. So it's expected that your session state item XML tags do not have any values at design time / when creating the report query. They're just there so that you can pick them up with the BI Publisher Word-Plug-In and place them in your RTF template. For that you don't need values.
Regards,
Marc

Report Print Attributes and Session State Protection

Hi all,
I have a report (old style Apex report, not an IR) that I would like to have a Print option, producing a PDF output.
The report is on a page that takes a number of arguments and uses the page security option "Arguments require checksum".
When I turn on the Enable Report Printing option in the report, the Print link appears at the bottom of the report. However, clicking Print leads to the following message:
"Error No checksum was provided to show processing for a page that requires a checksum when one or more request, clear cache, or argument values are passed as parameters."
Disabling Session State Protection for that page makes the report link work, but I would prefer not to do that.
How do I get the built-in report print option to generate the required checksum?
I'm using Apex 4.0.2.00.07, by the way.
Alex

WORKAROUND:
1.) Create hidden ITEM on page (I named it P23_PREPARED_CSV_DOWNLOAD_URL).
Enter the following for the ITEM
as the SOURCE_TYPE : PL/SQL Function Body
as the SOURCE: return apex_util.prepare_url('f?p=&APP_ID.:&APP_PAGE_ID.:&APP_SESSION.:CSV:')
2.) Create BUTTON that executes javascript to open POPUP window with this url.
a.) Create Button and enter
<a href="javascript:popupURL('&P23_PREPARED_CSV_DOWNLOAD_URL.')">Download and Save to CSV file</a>as the "Text Label/Alt"
Originally had custom code for javascript POPUP and this is not needed .... just use the APEX javascript function.
Edited by: Bryce Tuohy on Mar 5, 2009 10:47 AM

Proxyless clustering and SSL session state

Similar Messages

Maybe you are looking for