Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.server -> Re: package session vars/ logins

Re: package session vars/ logins

From: Jake <>
Date: Mon, 15 Oct 2007 06:13:19 -0700
Message-ID: <>

On Oct 15, 8:36 am, "Vladimir M. Zakharychev" <> wrote:
> On Oct 15, 7:01 am, Jake <> wrote:
> > Would it be a realistic usage of package vars to hold, for example, a
> > userid of a current logged in user?
> > Say, for example, if I had a table of usernames, passwords, and
> > userids. I could have the person using the application log in and
> > check their user name and password in a table (basically handling the
> > login myself). From that point they can access that user's data.
> > Once the session ends their access to data ends too.
> > This is how I would do it in PHP/MySql (w/ PHP session vars) or
> > VB .NET/Sql Server. Not sure if the example translates though, or
> > would you want a separate Oracle username for each person?
> > Also, what are some other realistic uses of package vars? thanks.
> If the session is persistent (that is, the session is not shared
> between different users,) then yes, you can do it that way; though I
> would rather use a user-defined session context for this (research
> CREATE CONTEXT in the docs.) One good reason for using contexts is
> that sys_context() in a query is treated as a bind variable by the CBO
> (mostly for efficient FGAC policy implementations, but applies equally
> well wherever you use dynamic SQL.) Another good reason is that
> contexts are more secure: only single authorized package or procedure
> in the database may add or alter values in certain context (for
> example, the package where you handle user login - check credentials,
> determine access rights, etc.,) while packaged variables can be
> altered by the user anytime (don't expect that users will always use
> only your front-end to connect to the database, plan for the smartest
> of them. :))
> Regards,
> Vladimir M. Zakharychev
> N-Networks, makers of Dynamic PSP(tm)

okay. thanks.

I'm still not sure why I would want to use session persistence in package vars, or why it is such a great thing.

Can some on sell me on session persistence? What would I want to do with it? Received on Mon Oct 15 2007 - 08:13:19 CDT

Original text of this message