APEX & Cookie Monster
Christian Rokitta
This presentation uses cookies.
EU regulations require us to gain your consent before continuing.
No, thanks Accept
Agenda
• Cookie Basics
• Anatomy of a Cookie
• Cookies in APEX
• Use Case: Another Approach to Authentication
Cookie Basics - HTTP
What are Cookies…. Really?
• Small bits of text data that are stored in and shared by the browser.
• Can be for any purpose:
Are Cookies Bad For You?
• Cookies have been given a bad reputation
  o Developer Designs
  o Hackers
  o Advertisers
• Cookies can be useful
• As with real cookies … Too many is probably not good for you
Anatomy of a Cookie
Domain
• Cookies from different sites are separated by Domain
• Browsers only send cookies for the current domain
• Super Cookies (*.com, *.org) are (and should be) blocked by most browsers
Path
• Setting a Path dictates when a cookie is sent by the browser.
• Path cookies are hierarchical, meaning that cookies set at a higher-level path are also sent when paths beneath it are requested
Example: http://domain/application/area/sub_area
Cookie for: /application/area/sub_area
Cookie for: /application/area
Cookie for: /application
Cookie for: /
Expires
• Session: When the browser is closed, the cookie value will be lost
• Date: Configurable date to allow persistence of a cookie after the browser has been closed
HTTP_ONLY
• Modern browsers respect the separation of cookies that should not be available to JavaScript
• Reduces the risk of malicious JavaScript reading or adjusting the cookie values
Secure
• Only sent (by browser) when using HTTPS
• Secure cookies can be received via HTTP
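The Domain, Path, Expires, Secure and HTTP_ONLY rules above, as an added JavaScript example that is not part of the original presentation: it models which cookies a browser sends for a request, using RFC 6265 matching in simplified form. The host names and jar contents are constructed, and the function names are hypothetical.

```javascript
// Which cookies a browser attaches to a request (simplified RFC 6265 rules).
// Sample jar and host names are constructed; function names are hypothetical.
function domainMatches(host, c) {
  if (c.hostOnly) return host === c.domain; // no Domain attribute was set
  return host === c.domain || host.endsWith("." + c.domain);
}

// The cookie path must be a prefix of the request path ending on a "/"
// boundary, so a cookie for "/application" is not sent to "/applications".
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

function cookiesSentFor(url, jar, now = new Date()) {
  const { protocol, hostname, pathname } = new URL(url);
  return jar
    .filter((c) => domainMatches(hostname, c))
    .filter((c) => pathMatches(pathname, c.path))
    .filter((c) => !c.secure || protocol === "https:") // Secure: HTTPS only
    .filter((c) => !c.expires || c.expires > now) // no expires = session cookie
    .map((c) => c.name);
}

// HttpOnly does not change what is sent; it only hides the cookie from
// scripts, so the script-visible set is a further filter on the sent set.
function visibleToScript(url, jar, now) {
  const sent = new Set(cookiesSentFor(url, jar, now));
  return jar.filter((c) => sent.has(c.name) && !c.httpOnly).map((c) => c.name);
}

const base = { domain: "domain.example", hostOnly: true };
const jar = [ // constructed sample cookies, one per path level from the slide
  { ...base, name: "root", path: "/" },
  { ...base, name: "app", path: "/application" },
  { ...base, name: "area", path: "/application/area", httpOnly: true },
  { ...base, name: "sub", path: "/application/area/sub_area", secure: true },
  { ...base, name: "old", path: "/", expires: new Date("2020-01-01") },
  { ...base, name: "other", path: "/", domain: "other.example" },
];
```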
Tools
• Different browsers provide different tools
• Cookies can be added, removed, and edited
• Most modern browsers will include easy visibility into the cookies being used
APEX & Cookies
Page Render
• “I just did set it! Where did it go …?”
• You cannot read a cookie that you have just set for use in your current page rendering
Why use?
Cookies are not seen as valuable by APEX users because of easy DB access and the session framework.
How can cookies provide value to an APEX application?
Demo – Cookie Authentication
PL/SQL Packages
• SYS.UTL_HTTP is not available (by default grants)
• OWA_COOKIE
• OWA_UTIL
OWA Cookie Record
TYPE vc_arr IS TABLE OF VARCHAR2(4000) INDEX BY BINARY_INTEGER;
TYPE COOKIE IS RECORD ( name VARCHAR2(4000), vals vc_arr, num_vals INTEGER);
APEX JavaScript API
• apex.storage.getCookie(pName)
• apex.storage.setCookie(pName,pValue)
Resources & Kudos
• Demo Application: https://apex.oracle.com/pls/apex/f?p=63242:1::::::
• Blog Post (explaining the demo application): http://rokitta.blogspot.nl/2012/10/remember-me-apex-autologin.html
• Many thanks to: Tim St. Hilaire, the original Cookie Monster: http://wphilltech.com/apex-authentication-with-cookie/
Questions & Answers
http://rokitta.blogspot.com
@crokitta
http://www.themes4apex.com
http://plus.google.com/+ChristianRokitta
http://nl.linkedin.com/in/rokit/