Login/Logout Handling in Apex 4.1.1August 30, 2012 at 2:41 pm | Posted in Oracle Application Express (Apex), Oracle Developement | Leave a comment
Tags: apex, application express, oracle
With the Apex 4.1.1 patch, some behavior in the login/logout processing has changed.
In our application we use the standard way of logging in. That is our login page (101) contains a page process called Login. In this process is a call to wwv_flow_custom_auth_std.login. One of the parameters passed into this procedure is P_FLOW_PAGE. This parameter tells Apex which page to display after a successful login.
In our application we want that to be page 102, which contains some other code to branch to yet another page, depending on user preferences. After upgrading from 4.0.2 to 4.1.1, we noticed that the login procedure did no longer branch to page 102, but instead to our default home page. After getting some help from MOS and the OTN forum, I found that in order for wwv_flow_custom_auth_std.login procedure to redirect to the page specified in P_FLOW_PAGE, the application attribute FSP_AFTER_LOGIN_URL needs to be set to NULL. You can do this by simply preceeding the call to wwv_flow_custom_auth_std.login with:
apex_util.set_session_state(p_name => ‘FSP_AFTER_LOGIN_URL’,p_value => null);
Alternatively you could add a Pre-Authentication Procedure in your authorization scheme with a call to above procedure.
In our application prior to upgrading to 4.1.1, our standard logout link used the &LOGOUT_URL. substitution variable. The value for this variable is defined in the custom authentication scheme and looked something like this: f?p=100:500. So when you clicked the logout link it took to to page 500, where I did some DML, and then redirected to wwv_flow_custom_auth_std.logout.
While you still define the LOGOUT_URL the same way in 4.1.1, the actual link resolves to:
Where is the reference to page 500, as defined in my LOGOUT_URL? Well, it still gets called, but after the session has logged out. This was a problem for us because in our page 500 DML we still needed to reference :APP_USER. But, since the session was now logged out, :APP_USER no longer had a value.
So to work around this issue, we simply changed our logout link to go to page 500 instead of referencing &LOGOUT_URL.