3.5 Understanding Session State Management

Oracle APEX transparently maintains session state and provides developers with the ability to get and set session state values from any page in the application.

3.5.1 What is Session State?

Session state enables developers to store and retrieve values for a user as the user navigates between different application pages.

Hypertext Transfer Protocol (HTTP), the protocol over which HTML pages are most often delivered, is a stateless protocol. A web browser is only connected to the server for as long as it takes to download a complete page. Each page request is treated by the server as an independent event, unrelated to any page requests that happened previously or that may occur in the future. To access form values entered on one page on a subsequent page, the values must be stored as session state. Oracle APEX transparently maintains session state and provides developers with the ability to get and set session state values from any page in the application.

3.5.2 About Session IDs

A session ID is a unique number assigned to a specific user for the duration of that user's visit (session).

For each page request, the Oracle APEX engine establishes the identity of the user and the session ID, and uses the session ID to fetch session state from the database. The most visible location of the session ID is in the URL for a page request. The session ID appears as the third parameter in an f?p URL and as the session parameter in a friendly URL:

  • f?p URL Syntax:
    https://apex.example.com/ords/f?p=392:3:13766599855150
  • Friendly URL Syntax:
    https://apex.example.com/ords/mycompany/r/hr-app/update-employees?session=13766599855150

In both examples, the session ID is 13766599855150.
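Because the session ID travels in the URL, it is also written wherever URLs are recorded, such as web server access logs. The following added example (not part of the Oracle documentation) extracts the session ID from both URL syntaxes shown above and redacts it before a line is logged or shared. The function names, the REDACTED marker, and the sample log line are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

PLACEHOLDER = "REDACTED"  # constructed marker, not an APEX value

# Constructed sample log line using the URL from the text above.
SAMPLE_LOG = ("2024-01-01T00:00:00Z GET "
              "https://apex.example.com/ords/f?p=392:3:13766599855150 200")


def split_session(url):
    """Return (session_id, url_with_session_redacted) for an APEX page URL.

    session_id is None when the URL carries no numeric session ID.
    """
    parts = urlsplit(url)
    is_fp = parts.path.rsplit("/", 1)[-1] == "f"  # .../ords/f?p=...
    session_id, query = None, []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if is_fp and name == "p":
            # f?p syntax: colon-separated arguments, session ID is the third.
            args = value.split(":")
            if len(args) >= 3 and args[2].isdigit():
                session_id, args[2] = args[2], PLACEHOLDER
                value = ":".join(args)
        elif not is_fp and name == "session" and value.isdigit():
            # Friendly URL syntax: session ID is the "session" parameter.
            session_id, value = value, PLACEHOLDER
        query.append((name, value))
    # Keep ":" unescaped so the f?p argument list stays readable.
    redacted = urlunsplit(parts._replace(query=urlencode(query, safe=":")))
    return session_id, redacted


def scrub_log_line(line):
    """Redact session IDs from every URL token in a space-separated log line."""
    return " ".join(
        split_session(tok)[1] if tok.startswith(("http://", "https://")) else tok
        for tok in line.split(" ")
    )


if __name__ == "__main__":
    print(scrub_log_line(SAMPLE_LOG))
```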

Another visible location is in the page's HTML POST data and indirectly in the contents of a session cookie. This cookie is sent by the APEX engine during authentication and is maintained for the life of the application (or browser) session.

APEX assigns new session IDs during authentication processing, records the authenticated user's identity with the session ID, and continually checks the session ID in each page request's URL or POST data against the session cookie and the session record in the database. These checks provide users with flexibility and security.

While the session ID is the key to session state, the session cookie and the session record safeguard the integrity of the session ID and the authentication status of the user.

3.5.3 What Is a Session?

A session is a logical construct that establishes persistence (or stateful behavior) across page views. Each session is assigned a unique identifier. The Oracle APEX engine uses this identifier (or session ID) to store and retrieve an application's working set of data (or session state) before and after each page view.

Because sessions are entirely independent of one another, any number of sessions can exist in the database at the same time. A user can also run multiple instances of an application simultaneously in different browser programs.

Sessions are logically and physically distinct from Oracle database sessions used to service page requests. A user runs an application in a single APEX session from sign in to sign out with a typical duration measured in minutes or hours. Each page requested during that session results in the APEX engine creating or reusing an Oracle database session to access database resources. Often these database sessions last just a fraction of a second.

See Also:

Viewing Active Sessions in Oracle APEX Administration Guide