3.7.3 Hiding the Session ID on Public Pages

Hide the session ID in a URL by making a page public.

By default, all pages require Authentication. However, if a page is public and the user has not signed in, the page URL will not display the session ID.


For security reasons, Oracles recommends that administrators disable Rejoin Sessions unless they implement workspace isolation by configuring the Allow Hostname attribute at the workspace or instance-level. See About Isolating Workspaces.

To specify a page as public:

  1. On the Workspace home page, click the App Builder icon.
  2. Select an application.
  3. At the Application-level, edit the Rejoin Session attribute:
    1. Click the Edit Application Definition button.
      The Application Definition appears.
    2. Click Security.
    3. Under Session Management, set Rejoin Sessions to Enabled for Public Sessions.
    4. Click Apply Changes to save your changes.
  4. At the page-level, edit the Authentication attribute:
    1. View the page in Page Designer.
      The Application Definition appears.
    2. In the Rendering tab, select the page name..
    3. Under Security, for Authentication, select Page is Public.
    4. Click Apply Changes to save your changes.