Re: package session vars/ logins

On Oct 15, 8:36 am, "Vladimir M. Zakharychev"
<vladimir.zakharyc...@xxxxxxxxx> wrote:
On Oct 15, 7:01 am, Jake <jgarfi...@xxxxxxxxxxxxx> wrote:

Would it be a realistic usage of package vars to hold, for example, a
userid of a current logged in user?

Say, for example, if I had a table of usernames, passwords, and
userids. I could have the person using the application log in and
check their user name and password in a table (basically handling the
login myself). From that point they can access that user's data.
Once the session ends their access to data ends too.

This is how I would do it in PHP/MySql (w/ PHP session vars) or
VB .NET/Sql Server. Not sure if the example translates though, or
would you want a separate Oracle username for each person?

Also, what are some other realistic uses of package vars? thanks.

If the session is persistent (that is, the session is not shared
between different users,) then yes, you can do it that way; though I
would rather use a user-defined session context for this (research
CREATE CONTEXT in the docs.) One good reason for using contexts is
that sys_context() in a query is treated as a bind variable by the CBO
(mostly for efficient FGAC policy implementations, but applies equally
well wherever you use dynamic SQL.) Another good reason is that
contexts are more secure: only single authorized package or procedure
in the database may add or alter values in certain context (for
example, the package where you handle user login - check credentials,
determine access rights, etc.,) while packaged variables can be
altered by the user anytime (don't expect that users will always use
only your front-end to connect to the database, plan for the smartest
of them. :))

Regards,
Vladimir M. Zakharychev
N-Networks, makers of Dynamic PSP(tm)
http://www.dynamicpsp.com

okay. thanks.

I'm still not sure why I would want to use session persistence in
package vars, or why it is such a great thing.

Can some on sell me on session persistence? What would I want to do
with it?


.

Relevant Pages

  • Re: package session vars/ logins
    ... Say, for example, if I had a table of usernames, passwords, and ... Once the session ends their access to data ends too. ... what are some other realistic uses of package vars? ... CREATE CONTEXT in the docs.) ...
    (comp.databases.oracle.server)
  • Re: A transactionally consistent view on real-time data with MicroStrategy
    ... Create a context:, ... I tried using a global temporary table for storing a session specific ... and referencing a session specific package global variable in the "AS ... also post it to the MSTR user forums. ...
    (comp.databases.oracle.server)
  • Re: gnome-session: does not restore session - could be "upgrade bug"
    ... package is broken, usage method unavailable. ... Session is not saved nor is it restored. ... I'm not sure how to diagnose it - gnome-session is a little ... ii libgnomeui-0 2.24.0-0ubuntu1 The GNOME 2 libraries ...
    (Ubuntu)
  • Re: notice and warning
    ... $_SESSION so you have it easy at hand on some other pages. ... The userid contains the userid of the currently logged in user. ... You don't ask your already logged-in users for their username/password for every page they visit I hope? ... i ensure the userid from post/get/cookie never comes into play by unsetting those named variables that overlap... ...
    (comp.lang.php)
  • Re: Create Outlook Contacts
    ... I identified the possible set methods to set named properties in the context ... Session session = new Session; ... //Set to display at Ms Outlook Contacts ...
    (microsoft.public.win32.programmer.messaging)
Loading