|
-
Help! Modplsql and Session restriction
Hi,
As always we are in a kind of a mess. We have a web application that is implemented using oracle database packages (Oracle Cartridges) on Oracle 9iAS with modplsql. This uses basic authentication mode (using DADs) thus each user loggin in is actually a valid database user.
We have a need to restrict access of the application to single user per user account. We are able to do this as long as he is using the regular web address (First pages) to login. However once into the application the user can always copy the URL pass it on to another machine and he can login using the same user id and password on that machine as well and still have both sessions valid. In effect any number of users can login using a single user id and password.
We are not able to capture the session details through the routines available or rather we are not aware if Oracle provides any methods for session management for modplsql.
Has any one of you worked on similar systems and faced this problem? Any ideas on how to avoid the anamolous behaviour mentioned above?
Your inputs are most welcome.
Thanks in advance for your time.
Thanks
Raz
-
I'm not an expert in mod_plsql but reading your post it looks like "each user loggin in is actually a valid database user" and also it looks like you want "to restrict access of the application to single user per user account".
If the above is correct I'm not sure what prevents you for creating a PROFILE, set SESSION_PER_USER=1 and then assign all your "users" to that PROFILE.
Pablo (Paul) Berzukov
Author of Understanding Database Administration available at amazon and other bookstores.
Disclaimer: Advice is provided to the best of my knowledge but no implicit or explicit warranties are provided. Since the advisor explicitly encourages testing any and all suggestions on a test non-production environment advisor should not held liable or responsible for any actions taken based on the given advice.
-
Pavb
We tried this initially by setting the session_per_user=1 in init.ora file. However this resulted in web page freezing up on login. After successful login the user was able to see the first page served to him however he was unable to navigate any further. Clicking on links on the page froze the application. (our guess - modplsl new db connections are opened each time a request is served?) We then tried a different approach using application logic to control multiple logins however this URL copy has brought us back to square one.
Thanks
Raz
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote