Workspace or Security ID session variable

Hello -
Is it possible to get the Workspace or Security Group ID from a session variable (e.g., v('WORKSPACE') ) so that I can use it to automatically create a user in my application without hard-coding?
For instance, here is some of my code...I'd like to avoid hard-coding <WORKSPACE>.
WWV_FLOW_SECURITY.CREATE_FND_USER(
WWV_FLOW_ID.NEXT_VAL,
WWV_FLOW_SECURITY.FIND_SECURITY_GROUP_ID(<WORKSPACE>),
P_USERNAME,
P_FIRST_NAME,
P_LAST_NAME,
'Auto-created',
P_EMAIL_ADDRESS,
P_PASSWORD
Basically, I am trying to allow users to create their own profiles from within the application itself. I have a custom page which calls the code above more or less, then redirects the user to the login page to let HTML DB take over authentication. Is there a better way to do this?
Thanks!
Dave

David,
To get back the ID of the current workspace, you can reference v('WORKSPACE_ID').
Note that this function v() is only usable in the context of an HTML DB application. You can reference this function directly in an HTML DB application or PL/SQL packages called by your PL/SQL application. But if you connect to your database directly from SQL*Plus and reference v('of_anything'), it should return null.
Joel

Similar Messages

  • Row level security with session variables, not a best practice?

    Hello,
    We are about to implement row level security in our BI project using OBIEE, and the solution we found most convenient for our requirement was to use session variables with initalization blocks.
    The problem is that this method is listed as a "non best practice" in the Oracle documentation.
    Alternative Security Administration Options - 11g Release 1 (11.1.1)
    (This appendix describes alternative security administration options included for backward compatibility with upgraded systems and are not considered a best practice.)
    Managing Session Variables
    System session variables obtain their values from initialization blocks and are used to authenticate Oracle Business Intelligence users against external sources such as LDAP servers or database tables. Every active BI Server session generates session variables and initializes them. Each session variable instance can be initialized to a different value. For more information about how session variable and initialization blocks are used by Oracle Business Intelligence, see "Using Variables in the Oracle BI Repository" in Oracle Fusion Middleware Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition.
    How confusing... what is the best practice then?
    Thank you for your help.
    Joao Moreira

    authenticating / authorizing part is take care by weblogic and then USER variable initialized and you may use it for any initblocks for security.
    Init block for authenticating / authorizing and session variables are different, i guess you are mixing both.

  • Using Session Variable in the Column Level Security

    My Question -
    1. I created an initialization block with initialization string by calling a new session variable CTP_ID_LIST in the sql command, given appropriate database connections and when I exit out of Block, and chosen Row-wise initialization. I do not see a new session variable created under variables list. Why does this happen? Please help me on this.

    Hi,
    This happens when you select Row-wise Initialization.
    The row-wise initialization feature allows you to create session variables dynamically and set their values when a session begins. The names and values of the session variables reside in an external database that you access through a connection pool. The variables receive their values from the initialization string that you type in the Initialization Block dialog box.
    You can also use the row-wise initialization feature to initialize a variable with a list of values. You can then use the SQL IN operator to test for values in a specified list.
    Example: Using the table values in the previous example, you would type the following SQL statement for the initialization string:
    select 'LIST_OF_USERS', USERID
    from RW_SESSION_VARS
    where NAME='STATUS' and VALUE='FULL-TIME'
    This SQL statement populates the variable LIST_OF_USERS with a list, separated by colons, of the values JOHN and JANE; for example, JOHN:JANE. You can then use this variable in a filter, as shown in the following WHERE clause:
    where TABLE.USER_NAME = valueof(NQ_SESSION.LIST_OF_USERS)
    The variable LIST_OF_USERS contains a list of values, that is, one or more values. This logical WHERE clause expands into a physical IN clause, as shown in the following statement:
    where TABLE.USER_NAME in ('JOHN', 'JANE')
    Regards
    MuRam

  • Can we use session variables in BI publisher's Data Model SQL Query?

    Hi Experts,
    We need to implement Data level security in BI Publisher 11g.
    In OBIEE we do so by using session variables, so just wanted to ask if we can use the same session variables in BI Publisher as well
    ie can we include the where clause in the Data Models SQL Query like
    Where ORG_ID = @{biServer.variables['NQ_SESSION.INV_ORG']}
    Let me know your views on this.
    PS: We are implementing EBS r12 security in BI Publisher.
    Thanks

    Read this -> OBIEE 11g: Error: "[nQSError: 23006] The session variable, NQ_SESSION.LAN_INT, has no value definition." when Creating a SQL Query using the session variable NQ_SESSION.LAN_INT in BI Publisher [ID 1511676.1]
    Follow the ER - BUG:13607750 - NEED TO BE ABLE TO SET A SESSION VARIABLE IN OBIEE AND USE IT IN BI PUBLISHER
    HTH,
    SVS

  • Session variable and initialization block issues

    We are using OBIEE 10.1.3.3 and utilizes built in security features. (No LDAP or other single sign on). The user or group names are not stored in any external table. I have a need to supplement Group info of the user to the usage tracking we implemented recently as the NQ_LOGIN_GROUP.RESP column contains username instead of group name. So I created a session variable and associated with a new initialization block and also had a junk default value set to the variable. In the initialization block, I wrote the following query and as a result it inserted correct values into the table when the TEST button was clicked from the initialization block form.
    insert into stra_login_data (username, groupname, login_time) values ('VALUEOF(NQ_SESSION.USER)', 'VALUEOF(NQ_SESSION.GROUP)', SYSDATE)
    My intention is to make this execute whenever any user logs on. The nqserver.log reports the following error and it doesn?t insert values into the table.
    [nQSError: 13011] Query for Initialization Block 'SET_USER_LOGIN_BLOCK' has failed.
    [nQSError: 23006] The session variable, NQ_SESSION.USER, has no value definition.
    [nQSError: 13011] Query for Initialization Block 'SET_USER_LOGIN_BLOCK' has failed.
    [nQSError: 23006] The session variable, NQ_SESSION.GROUP, has no value definition.
    When I changed the insert statement as below, this does get populated whenever someone logs in. But I need the values of GROUP associated with the user as defined in the repository.
    insert into stra_login_data (username, groupname, login_time) values ('TEST_USER', TEST_GROUP', SYSDATE)
    Could someone help me out! As I mentioned above, I need the GROUP info into the usage tracking. So, if there is another successful approach, could you please share?
    Thank you
    Amin

    Hi Amin,
    See [this thread|http://forums.oracle.com/forums/thread.jspa?messageID=3376946&#3376946]. You can't use the GROUP session variable in an Init Block unless it has been seeded from an Init Block first. There isn't an easy solution for what you want, but here are some options:
    1) Create a copy of your User => Groups assignments in your RPD in an table so you can use it in your Usage Tracking Subject Area. But this means you will have to replicate the changes in two places so it's not a good solution.
    2) As the GROUP session variable is populated when you login you could theoretically use it a Dashboard and pass it a parameter to write the value to the database. But as I am not sure how can you make fire only once when the user logins it sounds like a bad idea.
    3) Move your User => Groups assignments from your RPD to a DB table. Use OBIEE Write Back or something like Oracle APEX to maintain them.
    I think 3) is the best solution to be honest.

  • Problem with Session variable initialization block

    Hi,
    I'm getting strange results when using session variables in my repository files.
    I have created session variables as specified in the document which is available at
    http://www.oracle.com/technology/obe/obe_bi/bi_ee_1013/bi_admin/biadmin.html
    The main problem getting with the system session variable (USER) in the select statement.
    My select statement is as follows,
    select ':USER',case when upper(':USER') = 'KUMAR' then 'APR-05' end from Dual
    The problem is while logging into the BI Answers it is allowing all the invalid users to login who does not exist.
    when i remove the quotes and simply use :USER in the select statement it is not allowing the invalid users to login but giving error while displaying the results.
    when i remove the user variable from select statement its giving correct results.
    Can i know what is causing the problem.
    Thanks,
    Kumar.

    Hi DK,
    Check out my post Rowlevel Security?? and see if it helps you.
    Cheers!
    -Joe

  • System session variable ':GROUP'

    Dear Friends,
    I am having an issue with retrieving a value for the reserved system session variable :GROUP IN OBIEE 11.1.1.5
    From what I’ve read in the other posts I should be able to use :GROUP variable after where clause, and if there is more than one group assigned to a user INSTR should take care of this case. However I can’t get this to work.
    I am using row-wise variable, here is the code
    select 'ORGANIZATIONS' , s.ORGANIZATION_ID
    from T_VZA_SECURITY s
    where
    INSTR(':GROUP', trim(s.group_id)) > 0
    --INSTR('MyGroup', trim(s.group_id)) > 0
    I also tried to replace ':GROUP' session variable with 'VALUEOF(NQ_SESSION.GROUP)'
    my security table
    create table T_VZA_SECURITY
    (GROUP_ID VARCHAR(20),
    ORGANIZATION_ID VARCHAR (20),
    OWNING_DEPARTMENT_ID VARCHAR (20),
    ASSIGNED_DEPARTMENT_ID VARCHAR (20)
    Thank you

    I can't test my statement, it comes back with the error if i specify system session variable. If i replace a group variable with the string it works.
    I don't see how i can set the execution order - i only have one init block with row-wise initialization enabled. Basically followed
    http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security/
    guide, and it does work for :USER but doesn't for :GROUP.
    Thank you for spending time to look at the issue!

  • Coldfusion session variables being lost

    ok so when my users login I establish session variables. one of these is employee id. in my Application.cfc I have this at the top:
    <cfscript>
    this.name = "My App";
    this.sessiontimeout=CreateTimeSpan("0", "0", "45", "0");
    this.SESSIONMANAGEMENT="YES";
    this.SetClientCookies = "true";
    this.setDomainCookies = "true";
    </cfscript>
    i also set the timeout for sessions at 45 in the CFadmin too.
    after a successfull login i capture their session.employeenumber by authenticating through our corporate LDAP. no problem there. note: this app has run smoothly for 6+ years now but something has recently gone wrong.
    on every page i reference a file in my application directory called "check_session.cfm" like this:
    <cfmodule template="/myApp/Tags/check_session.cfm">
    In that file I have code that checks for the existence of the session.employee_number. if it doesn't exist they either timed out or book-marked a page in the app in which they need to be logged in to view:
    <cflock timeout="30" throwontimeout="Yes" type="READONLY" scope="SESSION">
    <!--- Checks to make sure the user has a session--->
    <CFIF NOT IsDefined("Session.employee_number")>
         <CFLOCATION URL="http://#cgi.HTTP_HOST#/myApp/LoginAgain.cfm">
    </CFIF>
    </cflock>
    every now and then (i'd say on average 5 times per week) i get an error message from a user (i re-direct all errors to my email with diagnostic info). the error reads "Element EMPLOYEE_NUMBER is undefined in SESSION". when i look at the page the error came from i see my call to the check_session.cfm file about 50 lines above where this error happened when i tried to reference session.employee_number. why wouldn't it not find it and re-direct the user to the timeout page? i can never duplicate this error on my machine either... i always get the right result without the error message. its a random, sporadic, intermittent error.

    Here is the diagnostic error information. Where you see [omitted] i've changed the URL for the purposes of displaying this detail in a public forum:
    struct
    Browser
    Mozilla/4.0   (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR   2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0;   InfoPath.2; .NET4.0C; .NET4.0E; MS-RTC LM 8)
    DateTime
    {ts   '2011-02-21 20:59:21'}
    Diagnostics
    Element   EMPLOYEENUMBER is undefined in SESSION. <br>The error occurred on line   162.
    GeneratedContent
    <!DOCTYPE   html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">   <html xmlns="http://www.w3.org/1999/xhtml">   <!-- DW6 --> <head> <!-- Copyright 2005 Macromedia, Inc. All   rights reserved. --> <title>My Home</title> <meta   http-equiv="Content-Type" content="text/html;   charset=iso-8859-1" /> <link rel="stylesheet"   href="mm_training.css" type="text/css" /> <link   rel="stylesheet" type="text/css" href="../template/organized.css">   </head> <body bgcolor="#ffffff"   onLoad="onInit()">
    HTTPReferer
    http://[omitted]/mypage/myhome.cfm?CFID=101686&CFTOKEN=53097237
    Mailto
    [empty   string]
    Message
    Element   EMPLOYEENUMBER is undefined in SESSION.
    QueryString
    [empty   string]
    RemoteAddress
    10.x.x.x   [remote address omitted for purposes of this forum]
    RootCause
    struct
    Detail
    [empty     string]
    ErrNumber
    0
    Message
    Element     EMPLOYEENUMBER is undefined in SESSION.
    Resolvedname
    SESSION
    StackTrace
    coldfusion.runtime.UndefinedElementException:     Element EMPLOYEENUMBER is undefined in SESSION. at     coldfusion.runtime.CfJspPage.resolveCanonicalName(CfJspPage.java:1659) at     coldfusion.runtime.CfJspPage._resolve(CfJspPage.java:1612) at     coldfusion.runtime.CfJspPage._resolveAndAutoscalarize(CfJspPage.java:1747)     at     coldfusion.runtime.CfJspPage._resolveAndAutoscalarize(CfJspPage.java:1740)     at cfmyhome2ecfm1641837815._factor14(D:\[path_omitted]\mypage\myhome.cfm:162)     at cfmyhome2ecfm1641837815.runPage(D:\[path_omitted]\mypage\myhome.cfm:1)     at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196) at     coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:370) at     coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at     coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:273) at     coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)     at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at     coldfusion.filter.PathFilter.invoke(PathFilter.java:86) at     coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70) at     coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:2 8)     at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at     coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at     coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at     coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at     coldfusion.CfmServlet.service(CfmServlet.java:175) at     coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at     jrun.servlet.FilterChain.doFilter(FilterChain.java:86) at     coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42 )     at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)     at jrun.servlet.FilterChain.doFilter(FilterChain.java:94) at     jrun.servlet.FilterChain.service(FilterChain.java:101) at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)     at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42) at     jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)     at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)     at     jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)     at     jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)     at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)     at     jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)     at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
    TagContext
    array
    1
    struct
    COLUMN
    0
    ID
    LINE
    162
    RAW_TRACE
    at         cfmyhome2ecfm1641837815._factor14(D:\[path_omitted]\mypage\myhome.cfm:162)
    TEMPLATE
    D:\[path_omitted]\mypage\myhome.cfm
    TYPE
    CFML
    2
    struct
    COLUMN
    0
    ID
    CF_MYHOME
    LINE
    1
    RAW_TRACE
    at         cfmyhome2ecfm1641837815.runPage(D:\[path_omitted]\mypage\myhome.cfm:1)
    TEMPLATE
    D:\[path_omitted]\mypage\myhome.cfm
    TYPE
    CFML
    Type
    Expression
    element
    EMPLOYEENUMBER
    objectType
    object of java.lang.Class
    Class       Name
    java.lang.Class
    Methods
    Method
    Return Type
    asSubclass(java.lang.Class)
    java.lang.Class
    cast(java.lang.Object)
    java.lang.Object
    desiredAssertionStatus()
    boolean
    forName(java.lang.String,         boolean, java.lang.ClassLoader)
    java.lang.Class
    forName(java.lang.String)
    java.lang.Class
    getAnnotation(java.lang.Class)
    java.lang.annotation.Annotation
    getAnnotations()
    java.lang.annotation.Annotation[]
    getCanonicalName()
    java.lang.String
    getClassLoader()
    java.lang.ClassLoader
    getClasses()
    java.lang.Class[]
    getComponentType()
    java.lang.Class
    getConstructor(java.lang.Class[])
    java.lang.reflect.Constructor
    getConstructors()
    java.lang.reflect.Constructor[]
    getDeclaredAnnotations()
    java.lang.annotation.Annotation[]
    getDeclaredClasses()
    java.lang.Class[]
    getDeclaredConstructor(java.lang.Class[])
    java.lang.reflect.Constructor
    getDeclaredConstructors()
    java.lang.reflect.Constructor[]
    getDeclaredField(java.lang.String)
    java.lang.reflect.Field
    getDeclaredFields()
    java.lang.reflect.Field[]
    getDeclaredMethod(java.lang.String,         java.lang.Class[])
    java.lang.reflect.Method
    getDeclaredMethods()
    java.lang.reflect.Method[]
    getDeclaringClass()
    java.lang.Class
    getEnclosingClass()
    java.lang.Class
    getEnclosingConstructor()
    java.lang.reflect.Constructor
    getEnclosingMethod()
    java.lang.reflect.Method
    getEnumConstants()
    java.lang.Object[]
    getField(java.lang.String)
    java.lang.reflect.Field
    getFields()
    java.lang.reflect.Field[]
    getGenericInterfaces()
    java.lang.reflect.Type[]
    getGenericSuperclass()
    java.lang.reflect.Type
    getInterfaces()
    java.lang.Class[]
    getMethod(java.lang.String,         java.lang.Class[])
    java.lang.reflect.Method
    getMethods()
    java.lang.reflect.Method[]
    getModifiers()
    int
    getName()
    java.lang.String
    getPackage()
    java.lang.Package
    getProtectionDomain()
    java.security.ProtectionDomain
    getResource(java.lang.String)
    java.net.URL
    getResourceAsStream(java.lang.String)
    java.io.InputStream
    getSigners()
    java.lang.Object[]
    getSimpleName()
    java.lang.String
    getSuperclass()
    java.lang.Class
    getTypeParameters()
    java.lang.reflect.TypeVariable[]
    isAnnotation()
    boolean
    isAnnotationPresent(java.lang.Class)
    boolean
    isAnonymousClass()
    boolean
    isArray()
    boolean
    isAssignableFrom(java.lang.Class)
    boolean
    isEnum()
    boolean
    isInstance(java.lang.Object)
    boolean
    isInterface()
    boolean
    isLocalClass()
    boolean
    isMemberClass()
    boolean
    isPrimitive()
    boolean
    isSynthetic()
    boolean
    newInstance()
    java.lang.Object
    toString()
    java.lang.String
    StackTrace
    coldfusion.runtime.UndefinedElementException:   Element EMPLOYEENUMBER is undefined in SESSION. at coldfusion.runtime.CfJspPage.resolveCanonicalName(CfJspPage.java:1659)   at coldfusion.runtime.CfJspPage._resolve(CfJspPage.java:1612) at   coldfusion.runtime.CfJspPage._resolveAndAutoscalarize(CfJspPage.java:1747) at   coldfusion.runtime.CfJspPage._resolveAndAutoscalarize(CfJspPage.java:1740) at   cfmyhome2ecfm1641837815._factor14(D:\[path_omitted]\mypage\myhome.cfm:162) at   cfmyhome2ecfm1641837815.runPage(D:\[path_omitted]\mypage\myhome.cfm:1) at   coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:370)   at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at   coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:273) at   coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)   at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at   coldfusion.filter.PathFilter.invoke(PathFilter.java:86) at   coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70) at   coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:2 8)   at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at   coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at   coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at   coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at   coldfusion.CfmServlet.service(CfmServlet.java:175) at   coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at   jrun.servlet.FilterChain.doFilter(FilterChain.java:86) at   coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42 )   at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at   jrun.servlet.FilterChain.doFilter(FilterChain.java:94) at jrun.servlet.FilterChain.service(FilterChain.java:101)   at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106) at   jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42) at   jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286) at   jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543) at   jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)   at   jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)   at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)   at   jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)   at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
    TagContext
    array
    1
    struct
    COLUMN
    0
    ID
    LINE
    162
    RAW_TRACE
    at       cfmyhome2ecfm1641837815._factor14(D:\[path_omitted]\mypage\myhome.cfm:162)
    TEMPLATE
    D:\[path_omitted]\mypage\myhome.cfm
    TYPE
    CFML
    2
    struct
    COLUMN
    0
    ID
    CF_MYHOME
    LINE
    1
    RAW_TRACE
    at       cfmyhome2ecfm1641837815.runPage(D:\[path_omitted]\mypage\myhome.cfm:1)
    TEMPLATE
    D:\[path_omitted]\mypage\myhome.cfm
    TYPE
    CFML
    Template
    /[omitted]/mypage/myhome.cfm
    Type
    coldfusion.runtime.CfErrorWrapper

  • Session variable not passing between pages

    Hi, I've got a form that calculates checkbox values and puts them in a total field called txtTotal. When the user clicks send, I need to pass the total to a payment page.  The form page has PHP
    session_start();
    $_SESSION['sessTotal'] = $_POST['txtTotal'];
    and the payment page has
    session_start(); at the top of the page and <?php echo $_SESSION['sessTotal']; ?> where I want the total to display. The total does not carry over to the payment page and I can't work out why.
    Here is all the PHP from the form page as I'm pretty new to PHP and not sure if there's a conflict (should session_start appear more than once?)  Thanks guys
    <?php require_once('Connections/df.php'); ?>
    <?php
    //initialize the session
    if (!isset($_SESSION)) {
    session_start();
    $_SESSION['sessTotal'] = $_POST['txtTotal'];
    // ** Logout the current user. **
    $logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
    if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
      $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
    if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
      //to fully log out a visitor we need to clear the session varialbles
      $_SESSION['MM_Username'] = NULL;
      $_SESSION['MM_UserGroup'] = NULL;
      $_SESSION['PrevUrl'] = NULL;
      unset($_SESSION['MM_Username']);
      unset($_SESSION['MM_UserGroup']);
      unset($_SESSION['PrevUrl']);
      $logoutGoTo = "index.php";
      if ($logoutGoTo) {
        header("Location: $logoutGoTo");
        exit;
    ?>
    <?php
    if (!isset($_SESSION)) {
      session_start();
    $MM_authorizedUsers = "";
    $MM_donotCheckaccess = "true";
    // *** Restrict Access To Page: Grant or deny access to this page
    function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
      // For security, start by assuming the visitor is NOT authorized.
      $isValid = False;
      // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
      // Therefore, we know that a user is NOT logged in if that Session variable is blank.
      if (!empty($UserName)) {
        // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
        // Parse the strings into arrays.
        $arrUsers = Explode(",", $strUsers);
        $arrGroups = Explode(",", $strGroups);
        if (in_array($UserName, $arrUsers)) {
          $isValid = true;
        // Or, you may restrict access to only certain users based on their username.
        if (in_array($UserGroup, $arrGroups)) {
          $isValid = true;
        if (($strUsers == "") && true) {
          $isValid = true;
      return $isValid;
    $MM_restrictGoTo = "index.php";
    if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {  
      $MM_qsChar = "?";
      $MM_referrer = $_SERVER['PHP_SELF'];
      if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
      if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
      $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
      $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
      header("Location: ". $MM_restrictGoTo);
      exit;
    ?>
    <?php
    if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
      if (PHP_VERSION < 6) {
        $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
      $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
      switch ($theType) {
        case "text":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;   
        case "long":
        case "int":
          $theValue = ($theValue != "") ? intval($theValue) : "NULL";
          break;
        case "double":
          $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
          break;
        case "date":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "defined":
          $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
          break;
      return $theValue;
    $colname_userDets = "-1";
    if (isset($_SESSION['MM_Username'])) {
      $colname_userDets = $_SESSION['MM_Username'];
    mysql_select_db($database_df, $df);
    $query_userDets = sprintf("SELECT usersId, userName, password, name FROM users WHERE userName = %s", GetSQLValueString($colname_userDets, "text"));
    $userDets = mysql_query($query_userDets, $df) or die(mysql_error());
    $row_userDets = mysql_fetch_assoc($userDets);
    $totalRows_userDets = mysql_num_rows($userDets);
    ?>

    OK I got it.  I needed 
    session_start();
    $_SESSION['sessTotal'] = $_POST['txtTotal'];
    on the payments page as well, not just session_start();

  • Security filter with variable does not work correctly

    Helo,
    I have one table with this columns (called BI_USERS):
    USERBI | REGIONS
    XXXX 10,5 -> In this case the user XXX can access the region 10 and 5
    AAA 9,7
    I use this table to apply the security filters. Fisrt I did a initialization block with the select: SELECT USERBI, REGIONS FROM BI_USERS WHERE USER = :USER
    This select populate two variables: variable USER (system variable) and UserRegion (Non-system variable)
    After I use the UserRegion variable in the securty filter of the one group of users. For exemple:
    Name | Status | Business Model Filter
    "Claro"."Historico Saldo Pre-Pago" Enabled "Claro"."Historico Saldo Pre-Pago"."DW_UN_NEG" In(VALUEOF(NQ_SESSION.*UserRegional)* )
    But the issue is that the query is not working, because the query created for BIServer no use the IN operator. Seems the IN operator is changed for equal (=).
    And the query returs error because the value 10,5 (for example) is not a numeric value.
    Anybody could help me, please? I am using the version 10.1.3
    Mauricio

    |||\/||| wrote:
    Helo,
    I have one table with this columns (called BI_USERS):
    USERBI | REGIONS
    XXXX 10,5 -> In this case the user XXX can access the region 10 and 5
    AAA 9,7
    I use this table to apply the security filters. Fisrt I did a initialization block with the select: SELECT USERBI, REGIONS FROM BI_USERS WHERE USER = :USER
    This select populate two variables: variable USER (system variable) and UserRegion (Non-system variable)
    After I use the UserRegion variable in the securty filter of the one group of users. For exemple:
    Name | Status | Business Model Filter
    "Claro"."Historico Saldo Pre-Pago" Enabled "Claro"."Historico Saldo Pre-Pago"."DW_UN_NEG" In(VALUEOF(NQ_SESSION.*UserRegional)* )
    But the issue is that the query is not working, because the query created for BIServer no use the IN operator. Seems the IN operator is changed for equal (=).
    And the query returs error because the value 10,5 (for example) is not a numeric value.
    Anybody could help me, please? I am using the version 10.1.3
    MauricioHi Mauricio,
    First of all you have some syntax errors with your init block:
    select USERBI, REGIONS from BI_USERS WHERE upper(USER)=upper(':USER');
    Couple things to consider here:
    1) Why are you selecting Userbi column from the table? Is USER system session variable not getting populated through other souces like LDAP or default security?
    Ans: If your user session variable is getting populated from a different init block, then you dont need to select that column. Then your init block would look something like this:
    select 'USERREGIONAL', REGIONS from BI_USERS WHERE upper(USER)=upper(':USER'); - Data Source
    Row Wise Initialization - Data Target
    Initblock that is populating the user session variable as the order of precedence.
    2) If you dont have USER session variable populating from any other source, then your init block would look something like below:
    select 'USER', USERBI, "USERREGIONAL', REGIONS from BI_USERS; - Data source
    Row Wise Initialization - Data target
    After following one of the above two steps, you need to apply the filters on the table.
    "Claro"."Historico Saldo Pre-Pago"."DW_UN_NEG" IN(VALUEOF(NQ_SESSION.USERREGIONAL))
    Note: Make sure you understand that variables are case sensitive.
    Please award points as this is correct answer.
    Thanks,
    -Amith.
    Edited by: Amith on May 10, 2011 3:18 PM

  • Get loggedin Session variables in Home Page

    I got a members directory where u login.
    1.How come they get killed when i refresh a page.
    2.How do i get the loggedin session variable the home page.
    so i know if current user is logged in.
    The Application.cfc of the members is
    <cfcomponent name="Application" displayname="Application
    Component for the Login Security Tutorial" >
    <cfset This.name = "NewLoveZoneAfrica">
    <cfset This.applicationTimeout =
    CreateTimeSpan(0,0,0,45)>
    <cfset This.sessionManagement = "true">
    <cfset This.sessionTimeout = CreateTimeSpan(0,0,0,30)>
    <cfset This.clientManagement = "false">
    <cfset This.loginstorage="session">
    <cffunction name="onApplicationStart"
    returntype="boolean" output="true">
    <!--- Set up Application variables. Locking the
    Application scope is not necessary in this method. --->
    application starting
    <cfset Application.configured = 1>
    <cfset Application.datetimeConfigured = TimeFormat(Now(),
    "hh:mm tt") & " " & DateFormat(Now(), "mm.dd.yyyy")>
    <cfset Application.currentSessions = 0>
    <!--- Begin Setting up request variables here. --->
    <cfscript>
    request.app = structNew();
    Application.dsn = "LoveZoneAfrica";
    Application.webRoot =
    "#getPageContext().getRequest().getContextPath()#/NewLoveZoneAfrica/";
    Application.machineRoot = "/NewLoveZoneAfrica/";
    Application.cfcRoot = "NewLoveZoneAfrica.com";
    Application.Domain = "NewLoveZoneAfrica.com";
    factory=CreateObject("java","coldfusion.server.ServiceFactory");
    sqlService = factory.getDataSourceService();
    dsn = duplicate(sqlService.datasources[Application.dsn]);
    if(dsn.driver eq "MSAccess" or dsn.driver eq "MSAccessJet"
    or dsn.driver eq "ODBCSocket")
    request.app.ucase = "ucase";
    request.app.isAccess = true;
    else
    request.app.ucase = "ucase";
    request.app.isAccess = false;
    </cfscript>
    <!--- End Setting up request variables here. --->
    <cfreturn true>
    </cffunction>
    <cffunction name="onRequestStart" returntype="boolean"
    output="true" >
    <cfargument name="requestname" required=true/>
    <cfif isDefined("form.j_username") and
    isDefined("form.j_password")>
    <!--- If either password or Username is empty go to
    login--->
    <cfif form.j_username is "" or form.j_password is "">
    <cfinclude
    template="#Application.webRoot#Login/Security/Login.cfm">
    <cfabort>
    </cfif>
    <!--- First Check to see wether there is need to log out
    user--->
    <cfscript>
    // create the Security object
    Security =
    createObject("component","#Application.cfcRoot#.security");
    // store authenticate method of security object as roles
    variable.
    LogQry=Security.authenticate(form.j_username,form.j_password);
    </cfscript>
    <cfif LogQry.recordcount> <!--- User has
    Successfully logged in #GetValidUser# --->
    <cfloginuser name="#form.j_username#"
    password="#form.j_password#" roles="#valuelist(LogQry.Role)#">
    <!--- Update the LastLogin timestamp. --->
    <cfscript>Update_LastLogin=Security.LastLogin(form.j_username);
    </cfscript>
    <cfset request.User.LoggedIn = "1">
    <cfset request.User.Username = form.j_username>
    <cfset request.User.LastLogin = LogQry.LastLogin_Date
    >
    <cfelse>
    <!---Destroy request --->
    <cflock scope="SESSION" throwontimeout="Yes" timeout="7"
    type="EXCLUSIVE">
    <cfset clearStruct = StructDelete(request, "User")>
    </cflock>
    <!---Destroy request --->
    <cflock scope="SESSION" throwontimeout="Yes" timeout="7"
    type="EXCLUSIVE">
    <cfset clearStruct = StructDelete(SESSION, "User")>
    </cflock>
    </cfif>
    <cfif NOT isDefined("request.User.LoggedIn")>
    <cfset request.loginMessage ="Your Login Username or
    Password is Invalid ">
    <cfinclude
    template="#Application.webRoot#Login/Security/Login.cfm">
    <cfabort>
    <cfelse>
    <!--- If the login procedure is passed duplicate the
    request structure into the Session scope. --->
    <cflock scope="SESSION" throwontimeout="Yes"
    timeout="107" type="EXCLUSIVE">
    <cfset Session.User = Duplicate(request.User)>
    </cflock>
    <cflock name="lck_currentSessions" throwontimeout="Yes"
    timeout="107" type="EXCLUSIVE">
    <!---THIS has BE CHANgED : bEGIN- original COPY IS @ THE
    FOOT --->
    <!--- Copy identifying session information into the
    Application scope. --->
    <cfif NOT isDefined("Application.sessionData")>
    <!--- Increment the number of current sessions. --->
    <cfset Application.currentSessions =
    Application.currentSessions + 1>
    <cfset Application.sessionData = ArrayNew(1)>
    <cfset Arraysize = 0>
    <cfset Application.sessionData[Arraysize+1] =
    form.j_username>
    <CFELSE>
    <!---check to see wether this "Username" appears in the
    Application.sessionData.
    If so, ignore. If no then append the name to the array so we
    have a unique list of usernames--->
    <cfset Arraysize = ArrayLen(Application.sessionData)>
    <cfset Application.temp = ArrayNew(1)>
    <cfif Arraysize>
    <cfloop index = "LoopCount" from = "1" to =
    "#Arraysize#">
    <cfset #ArrayAppend(Application.temp,
    Application.sessionData[LoopCount])#>
    </cfloop>
    <cfdump var="#Application.sessionData#" >
    <cfset Isloggedin =
    ListFind(ArrayToList(Application.temp), form.j_username)>
    <cfif Isloggedin is 0>
    <cfset Application.sessionData[Arraysize+1] =
    form.j_username>
    <!--- Increment the number of current sessions. --->
    <cfset Application.currentSessions =
    Application.currentSessions + 1>
    </cfif>
    <cfelse>
    <!--- Increment the number of current sessions since twas
    empty. --->
    <cfset Application.currentSessions =
    Application.currentSessions + 1>
    <cfset Application.sessionData[Arraysize+1] =
    form.j_username>
    </cfif>
    </cfif>
    </cflock>
    </cfif>
    <cfelse>
    <cfif not ListLast(CGI.SCRIPT_NAME, "/") EQ
    "logout.cfm">
    <!---Check wether the username appears on the list
    Application.currentSessions is 0 --->
    <cfif NOT isDefined("Session.User.LoggedIn") >
    <cfinclude
    template="#Application.webRoot#Login/Security/login.cfm">
    <cfabort>
    </cfif>
    </cfif>
    </cfif>
    <!--- Check to see if a user is logged in on *every* cfm
    page request. --->
    <cfif not ListLast(CGI.SCRIPT_NAME, "/") EQ
    "logout.cfm">
    <cflock scope="SESSION" throwontimeout="Yes" timeout="7"
    type="READONLY">
    <cfif NOT isDefined("Session.User.LoggedIn")>
    <cfinclude
    template="#Application.webRoot#Login/Security/login.cfm">
    <cfabort>
    </cfif>
    </cflock>
    </cfif>
    <cfreturn true>
    </cffunction>
    <cffunction name="onSessionEnd" returntype="void">
    <cfargument name="SessionScope" required="true">
    <cfargument name="ApplicationScope" required="true">
    <cfset request.loginMessage="Nimeingia onSessionEnd">
    <cflock name="lck_currentSessions" throwontimeout="Yes"
    timeout="7" type="EXCLUSIVE">
    <cfset sessionPosition =
    ListFind(ArrayToList(arguments.ApplicationScope.sessionData),
    arguments.SessionScope.sessionid)>
    <cfif sessionPosition neq 0>
    <cfset
    ArrayDeleteAt(arguments.ApplicationScope.sessionData,
    sessionPosition)>
    <cfset arguments.ApplicationScope.currentSessions =
    arguments.ApplicationScope.currentSessions - 1>
    </cfif>
    </cflock>
    </cffunction>
    <cffunction name="onSessionStart" returntype="void">
    <cfset request.loginMessage="Nimeingia onSessionEnd">
    </cffunction>
    <cffunction name="onRequestEnd" returntype="void">
    <!--- Write any code that needs to run when the page
    request ends. This replaces onRequestEnd.cfm --->
    </cffunction>
    </cfcomponent>

    Answered my own quests
    http://www.rewindlife.com/archives/000046.cfm

  • Inablility to retrieve values of session variables in irpt page

    We currently are using xMII 11.5.  We are having difficulty retrieving values assigned to our created session variables. 
    We have defined 2 users, each associated with session variables whose values differ by user.  Each user is associated with a different irpt page which retrieves information based on the values passed by the session variables.  Both pages return correct information in the grid using the as the param.1 value on the opening of the page. 
    On one page, we are able to retrieve the values of the session variables in Javascript by placing hidden fields on the document and using the document.getelementbyID("hiddenValue1").value.  The other irpt will only bring back the name of the of the session variable in the curly braces, .
    Both users are set up the same in System Security and Data Access.  If we switch the pages opened for the user in the Portal Navigation, one page will return the values no matter which user and the other page will always bring back the session variable name in the braces.  This makes us believe that it is not a problem with the user setup or the definition of the session variables.
    Would anyone be able to help us understand what needs to be done to correct this issue?

    Michelle,
    Have you tried URL encoding your irpt pass through parameters in your Navigation link?  Perhaps the commas and parenthesis are causing some issues ( http://help.sap.com/saphelp_xmii115/helpdata/en/Getting_Started/Template_Editor/Query_Construction.htm )
    Just to clarify, the Role/User attributes defined in LHSecurity are truly session properties, and the session properties are shown by the PropertyAccessServlet results.  Adding the name/value pairs to the URL are only a one-shot pass through to the ReportServlet that processes web pages with .irpt extenstions, so they don't actually set the session properties and are non-retentive beyond the one page.  As you are presently doing with the navigation links, we typically recommend URL passthroughs for page to page activities and using the session itself for name/value pairs that you want to set once and use anywhere throughout your application.
    document.APPLET.getPropertyValue(NAME); will also give you access to the session through javascript, but if you do a view...source in the browser after your TeamLeaderView web page has loaded you should see the results of the search/replace efforts of the ReportServlet, and the javascript you are using to get values out of hidden form field elements should simply reflect the text you see in the view source window.
    If they work inside APPLET tags like you mentioned for Param.1 you could also use document.APPLET.getQueryObject().getParam(1); instead of the hidden form field elements, and remember that you have 32 params and if they are not used in the underlying query can provide a very nice place to 'catch' the results like you are are doing with hidden form field elements that could potentially get reset by a form button.
    Regards,
    Jeremy

  • System session variable USER

    Hi,
    i have setup-ed the action links and used the USER variable for the EBS secuirty context init block as this
    EBS_RESP_ID
    EBS_RESP_APPL_ID
    EBS_SEC_GROUP_ID
    EBS_RESP_NAME
    EBS_USER_ID
    EBS_EMPLOYEE_ID
    USER
    Now for the sso configuration in the RPD i need to use the USER variable again as per the document (section A.1.1 )http://docs.oracle.com/cd/E14571_01/bi.1111/e10543/legacy.htm#BABFJEJF
    "To set up LDAP authentication:
    Create an LDAP Server as follows:
    Select Manage then Identity in the Oracle BI Administration Tool to launch the Security Manager.
    Select Directory Servers from the left pane in Security Manager.
    Right-click in the right pane in Security Manager and select New LDAP Server. The LDAP Server dialog is displayed.
    Create the LDAP server by completing the fields.
    Create an LDAP initialization block and associate it with an LDAP server. For more information. see "Creating Initialization Blocks" in Oracle Fusion Middleware Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition.
    Define a system variable named *USER* and map the USER variable to an LDAP attribute (uid or sAMAccountName)."
    So how can i use the same user variable and assign it to LDAP init block as well the EBS security context init block.
    can you provide your valuable inputs here.

    Referencing GROUP session variable in initialization blocks for different types of authentication
    http://108obiee.blogspot.com/2009/10/referencing-group-session-variable-in.html
    Users are assigned to multiple groups from external table with semicolons, see example two and three from the post.
    Regards
    Goran
    http://108obiee.blogspot.com

  • Passing values to session variables from another application

    Hi,
    From an external application we are passing username and password for accessing the OBIEE Dashboard.In the url call we are passing NQUser and NQPassword. This is working fine.
    To setup data level security we need to pass region id list also as request object. Then we can filter the tables by the value in the region id list for that user. If we use external table to pass the home_id list then the application is working fine by setting up row-wise init block. But we need request object from an external application to send the list. How can we accept the list from OBIEE RPD?
    In the documentation it mentions about session variables - non system. But it requires an init block. How can we create a variable that accepts the values when user logins just like NQUser and NQPassword.
    Please suggest.
    Thanks.

    Try this ...
    http://oraclebizint.wordpress.com/2007/07/30/customizing-obi-ee-%E2%80%93-go-url-parameters/
    In this blog entry you'll find at the bottom ...
    Hello, Can you please explain how to pass parameter values in the url. For example, I want to run an answers query and pass into the url something like this: &Region=West
    Venkatakrishnan J Says:
    August 22, 2007 at 7:36 am
    Yes, this absolutely possible. You can get the details from the Web Services guide since it has all the necessary examples and more explanation. Thats why i did not include it in the blog. You can get it from page 213 of the Docs http://download.oracle.com/docs/cd/B40078_02/doc/bi.1013/b31766.pdf

  • Session Variables Not Sticking

    We are having issue with Session variables sticking from page to page in our Admin area of our website. You can login, but as soon as you click on another link (or anything) they drop.  
    It's not a code issue because we have the same code on 2 other networks and it works fine. We also have the same code on our backup website on the same network and it works fine.  The backup is on a different server in a different location. So that's 3 networks the code is running fine on. It even worked on this network on the main website up until about 9 months ago. I've verified/reverified the code mutiple times. Something must have happened with security patches, some IIS setting, or other server related issue.  We are running 2003 Windows Server Edition SP2 and Coldfusion version 8,0,1,195765. 
    The browsers used are IE7 and IE8. I don't think it's a browser issue because I can open another tab in the same browser and login and stay logged in on the website on another network.  We have already gone into browser advanced settings to make sure session variables are allowed. We've also had a couple of other admins look at it from various locations throughout the Country and they also cannot stay logged in on our main site. They can all stay logged in on the backup site. 
    Frustrating beyond belief. I'm betting it's a Microsoft issue.  Anybody out there have a similar issue or know what it might be?

    I've experienced a similar problem with CF8 using IE8. I've narrowed it down to being cookie related which causes CF to loose the existing session and create a new session. For me, I can consistently duplicate the issue by having multiple tabs open to various sites and then accessing my site to login -- login is successful but the first page request is treated as unauthorized because the session is empty. If I shutdown and restart the browser and bring up only my site, everything works fine. And once I'm logged in, I have never lost a session by opening other tabs. And this has never failed using Firefox or Safari. What is very strange is that I have multiple sites using CF8 and CF9 and only one exibits this behaviour.

Maybe you are looking for

  • Cubase SX4 on Intel Mac

    Hi I just wondered if anyone has started using Cubase SX4 on an Intel Mac? I can't get any of the plugins I used in SX3 to even show up in SX4. I have seached the Cubase forums and tried all kinds of possible fixes to no avail. eg remove blacklist, s

  • HT1688 How do you set up photo streaming to your home computer/windows?  My computer does not show an iclod icon when I go to the control panel/network and internet

    How can I set up icloud phote streaming to my home computer?  When I follow their directions my comuter does not show the Icloud icon uner the control panel / netwrok internet

  • Unsupported File

    I have no idea what is wrong with this thing!!!! When I open iDVD, a screen pops up saying "Unsupported File Type: Unknown format Macintosh HD/Applications/iDVD/Contents/Resources/0012_Droplet.theme/Contents/Resources/B ackgroundMovie.NTSC.mov" What

  • Softproofing won't work Lightroom 4.1

    I upgraded to Lightroom 4.1 yesterday and now softproofing won't work. It just shows a 50% gray block where the softproof picture should be. It worked OK in version 4.0. What happened?

  • No bass on 5.1 setting

    Hi, I have recently upgraded to XP 64 bit and as such the drivers on the CD became redundant. I downloaded the latest set from Creative and they have installed fine. I have sound, but I don't appear to have Bass output to my speakers. If I switch the