Académique Documents
Professionnel Documents
Culture Documents
Other Paths
• wwv_flow.show -> wwv_flow.show
authentication steps, error pages
• wwv_flow.accept -> wwv_flow.show
Branch to Page or direct branch
To present page validation errors
• wwv_flow.show -> wwv_flow.accept
Branch to Page Accept
• AJAX – xmlhttp request POSTs to wwv_flow.show
Moving parts, cont’d.
• Other parameters
• p_trace - Turn on database session tracing
• c – workspace identifier
• pg_min_row, pg_max_rows – report pagination
• success_msg
• notification_msg
• cs (Session State Protection checksum)
wwv_flow.show wwv_flow.accept
Inputs Inputs
Application ID Application ID
Page ID Page ID
Session ID Session ID
Workspace ID Workspace ID
Request Request
Page and Application Item Names Page Item IDs
Page and Application Item Values Page Item Values (scalar or array)
Ajax Controls, Scalar and Array Values Dynamically Generated Values (array)
Checksums and other Security Values Checksums and other Security Values
Debug and Trace Flags Debug and Trace Flags
• When SSP is enabled for the application, non-restricted items can have one of
these Item Protection Level settings:
• Unrestricted – no checksum necessary to set item in URL
• Checksum Required: Session Level
• Checksum Required: User Level
• Checksum Required: Application Level
• p_checksum_type
• ‘3’ or ‘SESSION’
• ‘2’ or ‘PRIVATE_BOOKMARK’
• ’1’ or PUBLIC_BOOKMARK’
• Maximum Session Length in Seconds – wall clock time session can exist
• Session Timeout URL – for public page to tell user what happened
• Maximum Session Idle Time in Seconds - wall clock time session be idle
• Idle Timeout – for public page to tell user what happened
• API provided to programmatically adjust either limit (apex_util)
procedure set_session_lifetime_seconds(
p_seconds in number,
p_scope in varchar2 default 'SESSION');
procedure set_session_max_idle_seconds(
p_seconds in number,
p_scope in varchar2 default 'SESSION');
• Passwords that are entered in a form and processed during that page’s after-submit
processing can use the new Password (does not save state) item type
• Apex engine simply skips the step that would ordinarily write submitted item values to
the session state table.
• Page item value can be referenced during after-submit validations,
computations,processes, and by compiled PL/SQL called from those components
during the lifetime of the HTTP request used to submit the page. After that, there is no
record of the item value.
• During upgrade to 3.2, all “old” password item types in applications are converted to
use the encryption feature.
• Apex provides new reports so developers can see at-risk password types in an
application, i.e., those that use the “old” password type and also do not use the
encryption feature.