Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: package session vars/ logins

Re: package session vars/ logins

From: Jake <jgarfield_at_earthlink.net>
Date: Mon, 15 Oct 2007 06:13:19 -0700
Message-ID: <1192453999.425945.191360@t8g2000prg.googlegroups.com>


On Oct 15, 8:36 am, "Vladimir M. Zakharychev" <vladimir.zakharyc..._at_gmail.com> wrote:
> On Oct 15, 7:01 am, Jake <jgarfi..._at_earthlink.net> wrote:
>
> > Would it be a realistic usage of package vars to hold, for example, a
> > userid of a current logged in user?
>
> > Say, for example, if I had a table of usernames, passwords, and
> > userids. I could have the person using the application log in and
> > check their user name and password in a table (basically handling the
> > login myself). From that point they can access that user's data.
> > Once the session ends their access to data ends too.
>
> > This is how I would do it in PHP/MySql (w/ PHP session vars) or
> > VB .NET/Sql Server. Not sure if the example translates though, or
> > would you want a separate Oracle username for each person?
>
> > Also, what are some other realistic uses of package vars? thanks.
>
> If the session is persistent (that is, the session is not shared
> between different users,) then yes, you can do it that way; though I
> would rather use a user-defined session context for this (research
> CREATE CONTEXT in the docs.) One good reason for using contexts is
> that sys_context() in a query is treated as a bind variable by the CBO
> (mostly for efficient FGAC policy implementations, but applies equally
> well wherever you use dynamic SQL.) Another good reason is that
> contexts are more secure: only single authorized package or procedure
> in the database may add or alter values in certain context (for
> example, the package where you handle user login - check credentials,
> determine access rights, etc.,) while packaged variables can be
> altered by the user anytime (don't expect that users will always use
> only your front-end to connect to the database, plan for the smartest
> of them. :))
>
> Regards,
> Vladimir M. Zakharychev
> N-Networks, makers of Dynamic PSP(tm)
> http://www.dynamicpsp.com

okay. thanks.

I'm still not sure why I would want to use session persistence in package vars, or why it is such a great thing.

Can some on sell me on session persistence? What would I want to do with it? Received on Mon Oct 15 2007 - 08:13:19 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US