APEX & Cookie Monster

Post on 28-Jul-2015


Transcript of APEX & Cookie Monster

Apex & Cookie Monster

Christian Rokitta


This presentation uses cookies.

EU regulations require us to gain your consent before continuing.

No, thanks Accept

Agenda

• Cookie Basics

• Anatomy of a Cookie

• Cookies in APEX

• Use Case: Another Approach to Authentication

Cookie Basics - HTTP

What are Cookies…. Really?

• Small bits of text data that are stored in and shared by the browser.

• Can be for any purpose:

Are Cookies Bad For You?

• Cookies have been given a bad reputation

  o Developer Designs

  o Hackers

  o Advertisers

• Cookies can be useful

• As with real cookies … too many is probably not good for you

Anatomy of a Cookie

Domain

• Cookies from different sites are separated by Domain

• Browsers only send cookies for the current domain

• Super Cookies (*.com, *.org) are (and should be) blocked by most browsers

Path

• Setting a Path dictates when a cookie is sent by the browser.

• Path cookies are hierarchical, meaning that cookies set at a higher-level path will also be sent when lower-level paths are requested

Example: http://domain/application/area/sub_area

Cookie for: /application/area/sub_area

Cookie for: /application/area

Cookie for: /application

Cookie for: /

Expires

• Session: When the browser is closed, the cookie value will be lost

• Date: Configurable date to allow persistence of a cookie after the browser has been closed

HTTP_ONLY

• Modern browsers respect the separation of cookies that should not be available to JavaScript

• Reduces the risk of malicious JavaScript reading or adjusting the cookie values

Secure

• Only sent (by browser) when using HTTPS

• Secure cookies can be received via HTTP
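
The Domain, Path, Expires and Secure rules from the slides above, combined into the check a browser makes before attaching cookies to a request. This is an added example, not part of the original presentation; the function names, cookie names and jar contents are constructed for illustration, and the matching follows RFC 6265.

```javascript
// Added example: which cookies a browser attaches to a request.
// Matching rules follow RFC 6265; jar contents are constructed sample data.

// Domain: the request host equals the cookie domain or is a subdomain of it.
// (Simplification: every cookie here is treated as having a Domain attribute.)
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// Path: the cookie path must be a prefix of the request path that ends on a
// "/" boundary, so a cookie for /application is not sent to /applications.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Names of the cookies in `jar` that would be sent to `url` at time `now`.
function cookiesSentFor(url, jar, now = new Date()) {
  const u = new URL(url);
  return jar
    .filter((c) => domainMatches(u.hostname, c.domain))
    .filter((c) => pathMatches(u.pathname, c.path))
    .filter((c) => !c.secure || u.protocol === "https:") // Secure: HTTPS only
    .filter((c) => c.expires === null || c.expires > now) // null: session cookie
    .map((c) => c.name);
}

// Constructed jar: the four Path-slide cookies, one Secure, one expired.
const sampleJar = [
  { name: "sub_area", domain: "domain", path: "/application/area/sub_area", secure: false, expires: null },
  { name: "area", domain: "domain", path: "/application/area", secure: false, expires: null },
  { name: "application", domain: "domain", path: "/application", secure: false, expires: null },
  { name: "root", domain: "domain", path: "/", secure: false, expires: null },
  { name: "secure_only", domain: "domain", path: "/", secure: true, expires: null },
  { name: "expired", domain: "domain", path: "/", secure: false, expires: new Date("2015-01-01T00:00:00Z") },
];

console.log(cookiesSentFor("http://domain/application/area", sampleJar));
// Over plain HTTP: area, application and root are sent
```
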

Tools

• Different browsers provide different tools

• Cookies can be added, removed, and edited

• Most modern browsers will include easy visibility into the cookies being used

APEX & Cookies

Page Render

• “I just did set it! Where did it go …?”

• You cannot read a cookie that you have just set for use in your current page rendering

Why use?

Cookies are not seen as valuable by APEX users because of the easy DB access and the session framework.

How can cookies provide value to an APEX application?

Demo – Cookie Authentication

PL/SQL Packages

• SYS.UTL_HTTP is not available (by default grants)

• OWA_COOKIE

• OWA_UTIL

OWA Cookie Record

TYPE vc_arr IS TABLE OF VARCHAR2(4000) INDEX BY BINARY_INTEGER;

TYPE COOKIE IS RECORD (
  name     VARCHAR2(4000),
  vals     vc_arr,
  num_vals INTEGER
);

APEX JavaScript API

• apex.storage.getCookie(pName)

• apex.storage.setCookie(pName,pValue)

Resources & Kudos

• Demo Application: https://apex.oracle.com/pls/apex/f?p=63242:1::::::

• Blog Post (explaining the demo application): http://rokitta.blogspot.nl/2012/10/remember-me-apex-autologin.html

• Many thanks to: Tim St. Hilaire, the original Cookie Monster: http://wphilltech.com/apex-authentication-with-cookie/

Questions & Answers

http://rokitta.blogspot.com

@crokitta

christian@rokitta.nl

http://www.themes4apex.com

? ? ?

http://plus.google.com/+ChristianRokitta

http://nl.linkedin.com/in/rokit/