Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: oracle webserver 3 question

Re: oracle webserver 3 question

From: <djoh_at_my-dejanews.com>
Date: Tue, 15 Dec 1998 18:11:17 GMT
Message-ID: <7568o2$jpm$1@nnrp1.dejanews.com> 





If you have no need of password protection, but need to identify user only
with no other protection, you could try:



    
  
  1.   1)user identifies himself in a text box on the initial page
    2)the plsql app that handles the posted data passes this data
      in a 'hidden' field in all subsequent pages. All links off the page
      to other parts of the app must pass the user variable as part of the url

  
  2.   1)user identifies himself in a text box on the initial page  use of a
password here is optional  2) the process that handles the first posting sets
state data about  the connection in a web_sessions table, verifying the user,
and saving  ip-address, user_name, timestamp, and session_id(sequence
generated)  this could be implemented by a call to a stored procedure  which
we could call create_session  3) the form which is returned from the posting
will send a cookie containing  the session_id to the browser, for the server
domain.  4) all subsequent modules in the application will call a module
called	check session, which will request the cookie from the browser, and 
lookup the session, testing it against the ip address of the user  if the
user is found the new page is produced and sent, otherwise, we	redirect to
the login page.










In article <751eh1$tki$1_at_reader1.reader.news.ozemail.net>,
  "Andrew Mullen" <andrew.mullen_at_ap.effem.com> wrote:


> Dear All,.


>


> I am having a problem with webserver application that I'm hoping someone


> from this newsgroup knows something about.


>


> I have a fairly simple reporting application that I have developed (pl/sql),


> that will be used by anywhere from 5 to 50 users. I don't want the users to


> have to enter a userid/password to start the application, and each user


> needs to be distinctly identifyable in v$session table.


>


> So,. obviously I can't stored the username/password in the DAD (because of


> the non-distinct connections). I have an ugly solution at the moment where


> an activeX program on the server is first called when the application is


> started. This retrieves the LAN userid, manipulates it into a password, then


> forms the call to the application


> (http://username:password@machine:port/dad/plsql/application). But the


> username and password is visible in the address bar...


>


> This works, but tends to become unstable. When I test the application with


> multiple users, I get connection timeouts, pages not loading. If I stop and


> refresh a page during a load I can start ending up with multiple connections


> to the database, some of which remain active for a fair while before droping


> out. However, if I start the application by going through the dialog box


> where you enter a userid/password, I don't get these problems.


>


> Oracle tech support were aware of other ways of doing distinct user


> connections to applications where the user doesn't have to manually log on


> to the application, but they didn't know how this was done. If anyone has


> any ideas on how I can get around this connection issue I would be truly


> grateful if they would share their knowledge with me.


>


> Thanks in Advance,


>


> Ben Engel


> ben.engel_at_ap.effem.com


>


>





-----------== Posted via Deja News, The Discussion Network ==----------
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    
Received on Tue Dec 15 1998 - 12:11:17 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US