3.8.3 Hiding the Session ID on Public Pages

Hide the session ID in a URL by making a page public.

By default, all pages require Authentication. However, if a page is public and the user has not signed in, the page URL will not display the session ID.

Tip:

For security reasons, Oracles recommends that administrators disable Rejoin Sessions unless they implement workspace isolation by configuring the Allow Hostname attribute at the workspace or instance-level. See About Isolating Workspaces.

To specify a page as public:

1. On the Workspace home page, click the App Builder icon.
2. Select an application.
3. At the Application-level, edit the Rejoin Session attribute:
   1. Click the Edit Application Definition button.
      The Application Definition appears.
   2. Click Security.
   3. Session Management, Rejoin Sessions - Select Enabled for Public Sessions.
   4. Click Apply Changes to save your changes.
4. At the page-level, edit the Authentication attribute:
   1. View the page in Page Designer.
      The Application Definition appears.
   2. In the Rendering tab, select the page name.
   3. Security, Authentication - Select Page is Public.
   4. Click Apply Changes to save your changes.

See Also:

• About Rejoin Sessions
• About Enabling Support for Bookmarks
• Session Management
• Configuring Rejoin Sessions for a Page
• Configuring Rejoin Sessions for an Instance in Oracle APEX Administration Guide