Session storage API
|
Session storage API |
|
This topic presents conceptual and working information about the wwsto_api_session API package. Information is presented in these sections:
The session storage API provides a server-side mechanism for storing temporary data and making the data available to other parts of an application. Oracle Portal automatically creates session storage for each module in an application, and for each user of the application. When the user's session ends, the data is automatically removed from the system in a form of garbage collection. Server-side session storage reduces the need to use client-side mechanisms such as browser cookies or hidden HTML form fields to store this type of information. Session storage allows you to:
The session object is the unit of session storage for an application working in Oracle Portal. Developers may access this object to access and manipulate temporary data for the session the user is currently running. Working with the session object The general procedure for working with the session object is:
Typically this sequence occurs within the scope of one client routine that extracts and/or sets all of the client states. For example:
The login session that creates the session storage object is defined by wwctx_api.get_sessionid. Attribute values within a session are stored in native form. For example, the attribute may have been defined to use the logical type CURRENCY, which has a native implementation type of NUMBER. Functions within the session storage object permit setting and returning attribute values in either native form or in a string representation of the logical type. The session storage methods access all of the functionality of the session storage object. These methods take the case-insensitive name of the attribute to set or get the perform the required action. For example: The session storage methods access all of the functionality of the session storage object. These methods take the case-insensitive name of the attribute to perform the required action.
Data in the session store is visible to all code that executes during a user's session. This includes Oracle Portal internal code as well as plug-in modules such as a provider, a plug, or the methods of a customer application. Due to the potential visibility to other code that might run during the user's session, data meant to be secure should not be stored in session storage. The storage allocated by a session storage object is visible only within the scope of the login session that created it. Therefore, it is not possible for multiple users to share the same session, or for a single user operating multiple login sessions to access sessions across the login session boundary. New or modified elements of the session storage are cached in memory until the save_session method is called. As a result, is is possible for a browser performing multiple simultaneous actions to see an inconsistent view of the data in session storage. Session storage objects should be saved frequently. To guarantee consistency of the data, clients should re-load the session after every save. In addition, a save should be performed immediately after session attributes are created/modified. After creation, sessions exist until they are explicitly dropped by calling the drop_session method, or are implicitly dropped because the user logged off the system (either explicitly or implicitly). It is the responsibility of the callers of the session storage object to ensure that any critical data is copied to more permanent storage before the session is removed. Session storage uses the callers transaction scope to perform all loading and saving operations. Version Oracle Portal 3.0.6.6.5 | |||||||||||
|
The PL/SQL API Reference is part of the Portal Developer Kit on Portal Studio |