3.7.3 Hiding the Session ID on Public Pages
Hide the session ID in a URL by making a page public.
By default, all pages require Authentication. However, if a page is public and
the user has not signed in, the page URL will not display the session ID.
Tip:
For security reasons, Oracles recommends that administrators disable Rejoin Sessions unless they implement workspace isolation by configuring the Allow Hostname attribute at the workspace or instance-level. See "About Isolating Workspaces."
To specify a page as public:
- On the Workspace home page, click the App Builder icon.
- Select an application.
- At the Application-level, edit the Rejoin Session attribute:
- At the page-level, edit the Authentication attribute:
See Also:
-
“Configuring Rejoin Sessions for an Instance" in Oracle Application Express Administration Guide
Parent topic: Understanding URL Syntax