Skip to Main Content
Feature Request FR-2924
Product Area Developer Experience
Status ROADMAP

25 Voters

New Rejoin Sessions mode: Just Use the Cookie

joshua.caplan Internal · Jan 10 2023

Idea Summary

Allow developers to instruct APEX to preserve/rejoin a session using the browser session cookie no matter what.

Use Case
For a public app with premium features accessible if someone is signed in, as for example this very “ideas” app, there are no reasonable settings for the Rejoin Sessions mode that will allow the following situation to work.

  1. App has a public detail page model https://$adbdns/ords/r/$workspace/$app/details?param=$p (for example, this idea https://apexapps.oracle.com/pls/apex/r/apex_pm/ideas/details?idea=FR-2924)
  2. User signs in
  3. User visits a bookmarked link for any detail page as in point 1.

Under all scenarios, APEX refuses to preserve the session, which looks to the user as if she has been logged out. 

Preferred Solution (Optional)
Add a new mode alongside "Rejoin Public Sessions" and the confusingly-named "Rejoin All Sessions" which eliminates all the weird conditions designed to prevent URL hacking. Sometimes the ability for a user to easily formulate a URL is actually a feature.

Current workarounds include: implementing rejoin sessions ourselves using ORDS or hacking it using anchors, which only currently works because the latest version of theme_42.js:scrollTo is more tolerant of non-existent anchors than earlier versions were.

This is currently on the roadmap for a future release of Oracle APEX.

Comments

Comments

  • avinash.p.a OP 2.5 years ago

    This is a deal breaker feature for Open Data

  • 42 OP 2.5 years ago

    Your ORDS-based example is not accessible as it is located on an internal Oracle system.

  • jayson hanes Admin OP 2.5 years ago

    @avinash.p.a how so? REST can be configured to access data despite this topic

  • avinash.p.a OP 2.5 years ago

    @jayson hanes we are not using REST , this issue is about sessions showing up in URL , without which our sign in , sign out dose not work , and if we have sessions the bookmarked URL's shows up a error message . @joshua.caplan can explain more about our use case

  • joshua.caplan OP 2.5 years ago

    @jayson hanes I'm all ears if there is a workaround that involves REST. Our APEX lives on ADB-S.

  • joshua.caplan OP 2.2 years ago

    This ideas app is a perfect example of why you need this mode. If I hit the URL for it (https://apexapps.oracle.com/pls/apex/r/apex_pm/ideas/details?idea=FR-2924), then log in, then hit that URL again, APEX throws out my session.

  • jayson hanes Admin OP 2.2 years ago

    fwiw, the Ideas app share button is a link to a REST service as you describe.

  • andrea galizzi OP 1.8 years ago

    This new option would be very, very useful!

  • desenvolupament OP 9 months ago

    Are there any news with this? It would be very interesting, as having the session in the url is something apex should avoid. Could this be achieved with session based cookies storing the session id or similar? And when opening a new tab, clone the last session and create a new independent one for current tab.