Let’s start

remember_me_twitter

CREATE TABLE my_custom_users(
   username   VARCHAR2(25 BYTE)
, password   VARCHAR2(250 BYTE)
, token      VARCHAR2(25 BYTE)
);



INSERT INTO my_custom_users(username, password, token)
VALUES (‘DEMO’, my_cust_auth.encodeit(‘DEMO’, ‘demo’), NULL);

COMMIT;

Step 1: setting the cookie during loginremember_me_01

remember_me_02
remember_me_03

Step 2: using the cookie on return

Now, when do we need to read the “REMEMBER_ME” cookie again? Every time the visitor returns to your site/application, has not signed in yet (obviously, as we want to do this automagically) and the cookie is set and holds a token that is known in the user table (assuming that the user is the same again!). I want to perform the check, regardless of the page visited is a public page or a page that requires authentication. The event that should be triggered, if the conditions are met (cookie set and valid, user is public), is the a automatic login, similar to the original login. To perform the check, I will use “PAGE 0”, but lets first create the autologin functionality to be called:
remember_me_04To realize the autologin, I create a new page (103 in example application). This page only contains a “On Load – Before Header” process and one page item. The process only fires, when the request name is “AUTOLOGIN” and calls the build in standard APEX login procedure provided for custom authentication. It uses the page item to “P103_TOPAGE” as target page after successful login, which I will set on the triggering process/branch on page 0, to return to the page the user actually requested in the URL. The username is derived from the cookie (the token belonging to one unique user) using the call OWA_COOKIE.get (‘REMEMBER_ME’); in a stored procedure.

Step 3: automagically do it

remember_me_05a
remember_me_05b
remember_me_05c

I added an extra condition checking for the current page ID to be less or equal to 101, to prevent page 103 from recursively calling itself. Page 102 will be this demo application’s special logout page (see next section). All “normal” pages in this application are assumed to have ID’s in the rage of 1 to 100. You definitely should modify this condition to meet your actual applications page ID ranges.remember_me_08

Step 4: forget me

remember_me_07We need to offer the user a way to logout and remove the cookie. I create a new page, 102, containing one “On Load – Before Header” process and a branch.

The process removes (expires and replaces value with empty string) the cookie and performs the actual logout using WW_FLOW_CUSTOM_AUTH_STD.LOGOUT. The branch will take the user to the (public) Home page (1).
I then specify to use page 102 as the Logout URL of my Authentication Schema.
remember_me_06a
remember_me_06b

Demo and Download

menu-run-128
menu-expimp-128

Possible Enhancements:

The whole mechanism is a rather simple and naïve approach. I just wanted to explain the basic principle of it. There are lots of enhancements and improvements one could think of, and actually, while writing this post I thought of some myself:

  • using pre/post function call of Authentication Schema instead of page processes
  • integrate autologin logic from page 103 to page 101
  • cookie name application variable or dynamically generated
  • investigating the possibility of an autologin authentication plugin

Source Article from http://rokitta.blogspot.com/2012/10/remember-me-apex-autologin.html
Remember Me – APEX Autologin
http://rokitta.blogspot.com/2012/10/remember-me-apex-autologin.html
http://rokitta.blogspot.com/feeds/posts/default
Oracle & Apex Geekery
And another thing …

2 thoughts on “Remember Me – APEX Autologin

  1. Very intersting, but, sorry for that, the most interesting thing I saw here is your “Editor Setting” section to control syntax highlighting! How can I get that?
    Cheers,
    Eric.

    Reply

Leave a Reply