3.7.3 Hiding the Session ID on Public Pages

Hide the session ID in a URL by making a page public.

By default, all pages require Authentication. However, if a page is public and the user has not signed in, the page URL will not display the session ID.

Tip:

For security reasons, Oracles recommends that administrators disable Rejoin Sessions unless they implement workspace isolation by configuring the Allow Hostname attribute at the workspace or instance-level. See "About Isolating Workspaces."

To specify a page as public:

1. On the Workspace home page, click the App Builder icon.
2. Select an application.
3. At the Application-level, edit the Rejoin Session attribute:
   1. Click the Edit Application Properties button.
      The Application Definition appears.
   2. Click Security.
   3. Under Session Management, set Rejoin Sessions to Enabled for Public Sessions.
   4. Click Apply Changes to save your changes.
4. At the page-level, edit the Authentication attribute:
   1. View the page in Page Designer.
      The Application Definition appears.
   2. In the Rendering tab, select the page name..
   3. Under Security, for Authentication, select Page is Public.
   4. Click Apply Changes to save your changes.

See Also:

• "About Rejoin Sessions"

• "About Enabling Support for Bookmarks"

• "Session Management"

• "Configuring Rejoin Sessions for a Page"

• “Configuring Rejoin Sessions for an Instance" in Oracle Application Express Administration Guide