Similar Questions

• Apex 5.0 "session state protection violation" during the change of display only value point in dynamic action.

  The following feature gives us a message "session state protection violation", after we migrated our application from Apex 4.02 to 5.0.

  For example, in apex.oracle.com: https://apex.oracle.com/pls/apex/f?p=50676:1:

  Whenever the value of the input field changes, the URL to test changes. This is done in a dynamic action of 'change' on the version field. The action of the set value changes the value of URL to test.

  When the page is sent to the error message is displayed.

  1. Why do we get this message in Apex 5.0 and not in 4.0.2?

  2. What is the way to do this in the Apex 5.0?

  Thank you

  René

  

  Just try save session state - no.

• Session state protection violation: this can be caused by manually editing the protected page P67_C point. If you don't know what caused this error.

  Hi friends,

  I create three field A textfield,textfield B,C textfield and apply the formula with dynamic action.

  C = A + B.

  Now, I want to protect user could not be total change at point C, so I change it is property of the text field to display only and change in

  Settings-> save the Session State-> Yes

  After all changes when I ran page and provide the registry then it shows me error below.

  Session state protection violation: this can be caused by manually editing the protected page P67_C point. If you don't know what caused this error, contact the administrator of the application for assistance.

  
  

  How to disable the total at point C when I use the dynamic action to calculate the Total of A + B.

  Thank you.

  
  

  
  

  
  

  Hi Maxence,

  1. in the case of a display one element

  Change your point of P67_C and change the State of Session Save-> No.

  2. in the case of a text field

  Change your point of P67_C and make it read-only

  go to the attributes of the HTML Form element-> readonly = "readonly".

  Hope this helps you,

  Kind regards

  Jitendra

• Session state protection error

  Hello

  I get an error on the browser Internet Explorer (doesn't happen in chrome), which States "Session State protection violation: this can be caused by manually editing the protected page P11_NEW_FLAG point." If you don't know what caused this error, contact the administrator of the application for assistance. Contact your administrator for the application. "

  
  

  I don't know why this error because the element P11_NEW_FLAG is NOT protected at all. Here's the security properties are attributed to him:

  
  

  
  

  

  It has a readonly condition associated with him making it readonly based on some logic PL SQL.

  I don't know where to start debugging? What can be the root cause?

  Thank you

  Sunil Bhatia

  Hi Sunil Bhatia,

  Sunil Bhatia wrote:

  Hi mohamed,.

  No, its not hidden item, it's a FLAG (Checkbox) I display on the front end. There are readonly. I debugged and error occurring only when the box is read-only. It automatically creates checksum argument.

  Other settings to watch?

  Thank you

  Sunil Bhatia

  You use the condition parameters of article readonly?

  CheckBox and select items does not in HTML readonly property. ReadOnly checkbox in the case of Oracle APEX is setting the disabled property. Therefore, on presentation of the page it is originally the error of session state protection.

  An easy way to do this is to write a dynamic action (run Javascript) to disable the checkbox if necessary:

  $("#P11_NEW_FLAG").attr("disabled",true);
  

  But write a front page submit dynamic action (run Javascript) to activate elements disabled on the page, so that the layout of the page works fine:

  $("#P11_NEW_FLAG").removeAttr("disabled");
  

  Reference: Apex tips and tricks - an easy way to make read-only items

  I hope this helps!

  Kind regards

  Kiran

• session state protection - no url access

  I use APEX 4.1.0 and Oracle 10 g.
  
  I started to apply the Protection of the State of Session on my APEX pages. The option "Arguments must have Checksum" works very well for the pages accessible by URL links. "No Arguments Allowed" option also works very well for those pages that have no arguments. But I did not get "No URL access" to work for one of my pages that are accessible from branches of page with arguments.
  
  Ideally, I would like to see an example of "No URL access" in action. I looked everywhere and have not found a good example.
  
  This is one of the branches in my app, I tried:
  
  The definition of the domestic Action section:
  

  Target type: Page in this application
  Page: 20 <-----------This is the page with "No URL Access" set.
  Request:
  Clear Cache: 20,RIR
  Set these items: IR_ACOL,IR_BCOL
  With these values: &P10_AITEM.,&P10_BITEM.

  I don't think that there is something special here on the use of IR filters. It's the same problem with other types of pairs of point value. Let me know if you need more information.
  Thank you
  Jackie

  Hello

  If you set "No access URL" you branch to the page.
  Branch type must be 'branch to the page.
  When you create the branch, second page of the wizard, clear 'branch of page redirection using'.

  In the branch of this type, you do not have options clear cache or set values of the element. You need to do that in the process before the branch.

  Kind regards
  Jari
  -----
  My Blog: http://dbswh.webhop.net/htmldb/f?p=BLOG:HOME:0
  Twitter: http://www.twitter.com/jariolai

• Violation of State protection session during the creation of master page / retail

  I am trying to create a new master page / detail in Apex 5.0, and at the end of the dialog box, I get this error message:

  Session state protection violation: this can be caused by manually editing the protected page P24_MASTER_PAGE_MODE point. If you don't know what caused this error, contact the administrator of the application for assistance.

  [I am the administrator of the application, and I have not the slightest idea either.]

  The error occurs when I click Next in the dialog Page attributes. The error also occurs in other applications in the same workspace. So I don't think it's important, but I replace the default detail Page number. (The default number of Master Page is grayed out.) In addition, the dialog box layout I had selected... in a table on the same page. I've also specified no master navigation and no reports of master.

  Following archived discussion of v4.1.1, Session State protection violation, I modified a diagnostic query and run the following in my diagram:

  
  

  Select item_id, nom_element page_id, region of apex_application_page_items where nom_element = ' P24_MASTER_PAGE_MODE'

  
  

  I'm not abreast of any application in my workspace with a Page 24 and sure enough, this query returns no data found. Please take note of this before suggesting to change the attributes of the element. I don't know where the item is and not only the database, apparently. Apex seems to think there is - but where?

  
  

  Since an earlier discussion which went nowhere, I crushed my most recent request for export file, but that has not solved the problem. I also went into my workspace apex.oracle and created a form master / detail without error.

  
  

  Thanks for your help!
  

  Obfuscation Express.

  Worsening Express.

  Apex, the product you hate to love.

  It turns out that the dialog box create a Master Page / detail has a Mode option of the Page on modal Page attributes page. I'd be willing to bet, this option is not P24_MASTER_PAGE_MODE. (There is also one for the details of page: P24_DETAIL_PAGE_MODE?) But it has the Normal and gray value.

  It is also now a Select list after my dose; I think it was a type item view only before the fix, which only confirms my thought. I was wondering, which could affect, or enable or disable the modification of the attributes of session state for that element. Model and its theme came to mind, and I remember that I had tried to understand something on a model in the last days, had made a change and tried to cancel it.

  To no avail, apparently.

  Thus, a little more explore new territory, trying to find the modified model and could not. But I read that templates are collected into themes, and I found that I could renumber 26 theme in the application (926). Then make a theme create, from the repository, changing from standard to all themes, click theme 26. Then it was switching themes and rematching models and remove the renumbered theme 926.

  Voila! I can now create a master page / detail without report master!

  Thanks for all the help, with particular satisfaction for Pranav.shah, who was on the train right but don't know which track to take.

• Violation of State protection session error - after upgrade to point 4.1.1

  Hello!
  
  After the upgrade to demand Express 4.1.1.00.23 we get the following error message when you try to leave a page with elements of readonly:
  
  Session state protection violation: this can be caused by manually editing the protected page PXX_ITEM_NAME point. If you don't know what caused this error, contact the administrator of the application for assistance.
  
  Everything works fine in 4.0.2.00.07!
  
  Session of the element State protection has the value "without restriction".
  
  Someone now on a solution or possible workarounds?
  
  BR Paul

  Hi Paul,.

  in fact, it's a bug in the LOV awesome plug-in. In the case of the read-only, it also called

        l_name := apex_plugin.get_input_name_for_page_item(FALSE);
  

  but never use this value that subsequently confuses APEX when the page is sent.

  This statement, I moved to the the if ELSE

     ELSE
        l_name := apex_plugin.get_input_name_for_page_item(FALSE);
        sys.htp.p(
              '<input type="hidden" name="' || l_name || '" id="' || p_item.name || '_HIDDENVALUE" value="' || p_value || '" />' || l_crlf
  

  and now it works.

  I'll let Dan know so that it can release a version update of the plug-in.

  Concerning
  Patrick
  -----------
  My Blog: http://www.inside-oracle-apex.com
  APEX Plug-Ins: http://apex.oracle.com/plugins
  Twitter: http://www.twitter.com/patrickwolf

• Protection of session state - Arguments must have Checksum - help needed

  Hello world
  
  I use apex 4.0 and that you have defined:
  
  Protection of session state = True
  Page = Arguments access protection must have the checksum
  Point of application protection = Cecksum required - Session level
  Page data entry point Protection = required Cecksum - Session level
  Page Display-Only item = Cecksum required - Session-level Protection
  
  On the pages that contain an interactive report, calls to other pages updated and or to delete a record from the pharmacokinetics of recording work OK.
  I put these as follows:
  In the Interactive report link-> Link attribute column = onclick = "new top. Ext.apex.PopupWindow ({url: this.href, title: 'Change collation details', width: 530, height: 500, listeners: {'success': gReport.search}}). show(); return false; »
  Target = this Application Page
  Page = 302Item = P302_IDCLASS
  Value = #IDCLASS #.
  Page Checksum = - default user.
  
  The problem is the button 'Create a new record' that is on the page of interactive report. I set the button as:
  The attributes button = onclick = "new top. Ext.apex.PopupWindow({url:'f?p=&APP_ID.:302:&APP_SESSION.::NO:302:::',_title:_'Create_New_Classification',_width:_530,_height:_500,_listeners:_{'success':_gReport.search}}).show (); return false; »
  Action when click = redirect to the Page of this Application
  Page = 302
  Clear Cache = 302
  
  When I click the button I get the following message:
  Session state protection violation: this can be caused by a manual change to a URL containing a checksum or using a link with a missing or incorrect checksum. If you don't know what caused this error, contact the administrator of the application for assistance.
  
  If I change the attributes of the button to be:
  OnClick = "new top. Ext.apex.PopupWindow({url:'f?p=&APP_ID.:302:&APP_SESSION.::NO:::',_title:_'Create_New_Classification',_width:_530,_height:_500,_listeners:_{'success':_gReport.search}}).show (); return false; »
  
  It works OK, bu page elements are not clear.
  
  Could somebody please explaing to me what I am doing wrong so I understand my mistake?
  
  Thank you
  
  Daniel

  Hello

  If I understand correctly what you need...

  Create a point of the MY_BTN_URL application.
  You can set this element of Protection of the Session State to 'Restricted - cannot be resolved in the browser.
  Create the calculation of demand for this article
  Calculation Point: Before header
  Calculation type: PL/SQL Expression
  Calculation:

  APEX_UTIL.PREPARE_URL (
    p_url => 'f?p=&APP_ID.:302:&APP_SESSION.::NO:302::::',
    p_checksum_type => 3
  );
  

  Change your attributes of button

  onclick="new top.Ext.apex.PopupWindow({ url:'&MY_BTN_URL.', title: 'Create New Classification', width: 530, height: 500, listeners: {'success': gReport.search} }).show(); return false;"
  

  Kind regards
  Jari

  Published by: jarola October 25, 2011 15:50

  Published by: jarola October 25, 2011 16:16

• What the Protection of Session State and when it is used.

  Hello
  
  I just want to know what is the Protection of the State of Session and where it should be used.
  
  Thank you
  Deepak

  Deepak,

  Protection of the State of session in the Oracle apex is a built-in feature that allows you to prevent users / hackers to a URL handling in your application.

  http://download.Oracle.com/docs/CD/E14373_01/AppDev.32/e11838/sec.htm#CDDGIGJH

  A simple way to undersatnd, what would be your banking session. As soon as you connect, your URL would include a key and probably session information for the session that you log on. But if you copy this URL and log off and reuse the URL, you wouldn't be able to connect as that the session is over.

  Or once you connect and navigate to a page, you would have the information information session and the page in your browser to the URL (say it's balance transfer page). However, this page would not directly accessible using the URL with someone else. A similar security feature can be activated by using "URL access" in the access page for Apex session state protection.

  Hope this helps,
  Rajesh.

• disables the State protection of pages without argument running session

  Hi all
  
  
  
  Components shared = > Security = > authentication schemes = > Application Express - current
  
  I did the steps of folowwing:
  
  Components shared = > Security = > Protection of the State of Session = > button Set Protection
  in the screen folowwing press Enable followed by next
  in the next screen, tap the Protections of State Session enable
  
  
  
  in the page components shared > Session State Protection > Protection of the Session State by Page
  
  the two page 0 and 1 are unrestricted
  
  STIL, I can't start my application
  
  page error 1:
  No checksum has been provided to show the processing of a page that requires a checksum when one or
  
  ask more, clear the cache, or argument values are passed as parameters.
  
  
  page 0 and 1 have no element
  
  Page 1 has a region of the type list
  and uses the list available on page 0, but using a list template override od Pull Down Menu with
  
  Image of the same list on page 0 has a model list of Menu DHTML with sublist
  
  
  
  I am at a loss of the EUL solutions is the protection of the session off all State
  
  
  
  
  
  Help, please
  
  KR
  Martin

  It's a quirk in how the login page is called using the deep link, created by the manufacturer. To work around this problem, you can set page 101 to Unrestricted so that no amount of control is necessary.

  Scott

• Links created manually on a tree with the Protection of the active Session State

  Friends,
  
  I met a problem and hope you can help me with.
  
  I created a tree using the method described in a book great John & Scott, 'Pro Express Application'. Here is an example of a link stored in my table:
  
  
  access a page, passing it parameters
  
  f? p = & APP_ID.:3: & SESSION.: P3_IDENTIFIER, P3_FAMILY_NAME: & P2_IDENTIFIER, & P2_FAMILY_NAME.
  
  
  When the page is executed that it works as expected. I can expand the tree and go to the page, passing it the parameters if necessary.
  
  However when I turned on the protection of session state these links "handmade" has stopped working. (What I expected because it contains no checksum!).
  
  After some research, I see that I must use APEX_UTIL. PREPARE_URL to generate the URL with a checksum. But that's where I met problems. I can't be able to pass parameter values to the calling page.
  
  The original tree query was:
  
  Select "IDENTIFIER" id,
  "PARENT_IDENTIFIER" the nest,
  Name of "TITLE."
  Link "LINK."
  null a1,
  null A2
  a < table >
  
  Then, I changed the option to use APEX_UTIL. PREPARE_URL:
  
  ....
  APEX_UTIL. Link PREPARE_URL (Link),
  ....
  
  But clicking on the link just gave me a blank page. I then hardcoded just the url in the select statement:
  
  ....
  APEX_UTIL. PREPARE_URL ('f? p ='|: APP_ID |) » : 3 :'|| : APP_SESSION |': P3_IDENTIFIER, P3_FAMILY_NAME: & P2_IDENTIFIER, & P2_FAMILY_NAME. ") link.
  ...
  
  and it works, the page is called, and I can see the values of the parameters passed. But I can't use this method because it is limited to a page!
  
  Finally, I tried to store the parameter values, the parameters and the page number in different columns of the table that the tree came and then bring together them:
  
  ...
  APEX_UTIL. PREPARE_URL ('f? p ='|: APP_ID |': ' | navigate_to_page |': ' |: APP_SESSION |': ' | parameter |': ' | parameter_values link).
  ...
  
  Go to page set: 3
  parameters a value: P3_IDENTIFIER, P3_FAMILY_NAME
  parameter_values has the values of: & P2_IDENTIFIER, & P2_FAMILY_NAME.
  
  He now calls the page, but the values of the parameters have become literals. so, where I would expect an identifier I see & P2_IDENTIFIER Idem for family name.
  
  What I am doing wrong? How can I pass values to my page called using apex_util_prepare_url?
  
  If necessary, the details of my environment are: Apex 3.2.1 Oracle Application Server 10.1.2.3. Database Oracle 10.2.0.3
  
  Thanks in advance for any help you may be able to provide.

  Hello

  & NAME. the rating is not available in SQL, you must either use: NAME or v ('NAME') or nv ('NAME') (for numbers). One of these must be concatenated in your SQL statement in the same way that you did for: APP_ID etc.

  Andy

• Error Page protection violation in APEX 4.2.2 - Login Page

  Hi all

  I have an internal application (application extremely personalized ;-)) that uses dynamic action to connect to the apex without loading the login page.

  However after ungrading to 3.2.1 I found out how that this 'approach' is now met with the famous "Error Page Protection".

  I disabled all the protections of session state and everything. I have a check_sum on the page.

  What I need is to completely disable these controls. This SUMMIT only for a small group working within an intranet, but we want to make it accessible to other employees?

  I read about the error and nothing seems to relate to my question. The error is on the login page. This happens when I submit a full url to the login page of my application.

  I understand that this is to protect applications, but I insist own hacking my own APEX application. I don't want to manipulate the elements on my page!

  Can someone advise how to CANCEL this protective function.

  Thanks in advance for your suggestions.

  Jan S,

  Hi Jan,

  If you create a request of wwv_flow.accept of the desktop application on page 101 of your APEX application. As you probably know, passing the credentials in the URL is not safe, but let's ignore that for now, because the point is to hack your own app, as you mentioned above :-) How about this:

  1 generate a normal f? p application, e.g., f? p = 12345:101:0:P101_USERNAME, P101_PASSWORD:JanS, JanSPassword

  2. on your login page, add a front page header junction accept, with the goal of page 101 and request LOGIN

  3. Add a condition to this branch, so APEX uses only if P101_PASSWORD is not null

  Kind regards
  Christian

• Connect all the elements of session state?

  I need to create a record of routine that captures the current user to an APEX session state and she pours in a table of error log.
  
  I already have the paper table and an autonomous_transaction function defined in one of my pl/sql packages, but now I need to get information from the user's session, for example what page they were, what their item app values were, what the last request has been, etc..
  
  Does anyone know how to do that without grant select on apex_030200.wwv_flow_data the ID of the workspace where the logging feature?
  
  Wwv_flow_data contains information for all users, I want just the logarithmic function to access the current user/app/session data only. Yes, I can filter with a where clause clause, but I rather it would be more like a self filtering view that shows you your own data (defined in the schema of the apex/flow). Even better would be a function APEX_UTIL that returns the session state in a clob or varchar2 32K maybe even in the name = value format.
  
  My version of db is a business with Apex 3.2.0.00.27 11.1.

  You'll want to use the built-in views. Here is a sample of something that I use to record values report.

  DECLARE
  CURSOR c_items IS
        SELECT item_name
          FROM apex_application_page_items
         WHERE application_id = p_application_id AND
               page_id = p_page_num AND
               (region_id = p_region_id OR
                p_region_id IS NULL) AND
               display_as NOT IN ('Stop and Start HTML Table (Displays label only)', 'Hidden and Protected');
  
    BEGIN
      FOR r_items IN c_items LOOP
        store_report_value(p_report_id, r_items.item_name, v(r_items.item_name));
      END LOOP;
  
    END;   
  

  You can pass the values of Apex as: APP_SESSION,: APP_PAGE_ID,: APP_USER as parameters in a procedure.

• Get the session state of the order of the day in javascript

  Is there anyway to get the value of an element of demand through jS?

  [I have an app that loads a different source into an iframe depending on which page the user is.]  I can load this value in session state for a part of the application (or a point probably page) but for the redirect which is made in java script I don't know how to get the value of session.  [I do not have it as the value of the client side.]

  Thanks guys, but I think that it would give me only the value in the DOm not in session state.  I had to make a page zero point and dynamic action that populated the in the DOM, and then I could use JS ($v) to get the variables.

  I couldn't find a way to get session state directly.

• session state variable, concept and work around

  I use the variable session state and tried under the code element. But so far, I've had it is that when a variable assigned a value in plsql block, its scope has ended so only.

  And in the next step using the simple sql variable within the same session, we had manifest error.

  Is there a work around using too simple sql variable.

  SQL> CREATE OR REPLACE PACKAGE MYPACKAGE
    2  as
    3  mysess_var number;
    4  end;
    5  /
  
  
  Package created.
  
  
  SQL> create table tmp_sess as select 1 sess_id from dual;
  
  
  Table created.
  
  
  SQL>
  SQL> declare
    2  begin
    3  MYPACKAGE.mysess_var := 1;--Assiging value
    4  insert into tmp_sess values (MYPACKAGE.mysess_var);
    5  commit;
    6  end;
    7  /
  
  
  PL/SQL procedure successfully completed.
  
  
  SQL> --I also want this to be achive for plain sql syntax,  is it possible
  SQL> insert into tmp_sess values (MYPACKAGE.mysess_var);
  insert into tmp_sess values (MYPACKAGE.mysess_var)
                               *
  ERROR at line 1:
  ORA-06553: PLS-221: 'MYSESS_VAR' is not a procedure or is undefined
  

  You cannot access variable defined in a package of SQL. Good way would be to define the getter and setter methods.

  SQL> create or replace package mypackage
    2  as
    3    mysess_var number;
    4    procedure set_value (pvalue in number);
    5    function get_value return number;
    6  end;
    7  /
  
  Package created.
  
  SQL> create or replace package body mypackage
    2  as
    3    procedure set_value (pvalue in number)
    4    is
    5    begin
    6      mysess_var := pvalue;
    7    end;
    8
    9    function get_value return number
   10    is
   11    begin
   12      return mysess_var;
   13    end;
   14  end;
   15  /
  
  Package body created.
  
  SQL> exec mypackage.set_value(1)
  
  PL/SQL procedure successfully completed.
  
  SQL> select mypackage.get_value
    2    from dual;
  
   GET_VALUE
  ----------
           1