Hide encrypted password and username Item Values from Session State Display after authentication

ukpalichi.david Public · Jun 18 2025

Idea Summary
currently, sensitive data such as user passwords and username are visible in the Oracle APEX session state after login. I want the sensitive item values should be hidden from the session state viewer to prevent exposure.

Use Case
If sensitive values (e.g., passwords or password) remain visible in the session state, there is a security risk. An attacker with access to the session or debug tools could potentially view these credentials and impersonate legitimate users, leading to unauthorized access to accounts or systems.

This idea is open.

Comments

anton nielsen OP 2 weeks ago

You should set those items to have Session State > Storage = Per Request (Memory Only)

1 Voters

Hide encrypted password and username Item Values from Session State Display after authentication

Feature

Comments

Comments