You have seen how APEX URL carries parameters when branched from one page to another. Session State Protection can prevent users from tampering URL, but it doesn't help much in not showing parameters in URL. Imagine how it could be a security vulnerability when you pass sensitive information like passwords, ssn etc.
Starting with release 3.2, you can use feature called 'Save State before branching' to hide parameters on the URL. This is one of the most useful security enhancements in APEX 3.2.
How to use Save State before branching?
In branch editor, you can set checkbox Save State before branching
Give me an example?
I created a simple page where you can enter name and ssn. When you hit 'Go' button, APEX navigates you to another page which displays the details you entered in previous page.
For this scenario, I created a page (22) with two textfields P22_NAME, P22_SSN and another page (23) with hidden fields P23_NAME, P23_SSN. Go button on page 22 branches to page 23 by setting parameters and uses 'save state before branching' checkbox. On page 23, HTML region displays HTML text using substitution strings &P23_NAME. , &P23_SSN.
Now the URL doesn't show parameters.
Branching is not the only way for navigation in APEX. How does this apply for others?
Good question. In APEX, you can navigate to pages by setting parameters using column links as well. In column link target field, you can specify page or target URL. Unfortunately Oracle did not provide 'save state' for column links, that means parameters are shown in URL when navigated to other pages using column links.
You can still do a workaround using hidden items and JavaScript, if this feature is a must to go forward with your application. It won't be clean solution, but I'll try to experiment with it.
URL for the page:
This example can be accessed using the url http://apex.oracle.com/pls/apex/f?p=15944:22
Comments
1) In link settings choose URL as target and put this as the URL text: [removed]doSubm it('REQUEST1')
2) Create a branch to any page, check the save state check box, set condition type: "Request = Expression 1" and put this as Expression 1 value: REQUEST1
can u please help me up fiding solution on this
http://forums.oracle.com/forums/thread.jspa?threadID=1045255&tstart=0
Thank you
I have tried this example using item source on page 23 is "Always, replacing any existing value in session state" but it will not display value.
But when i change the item source to "Only when current value in session state is null" it will display correct result.
Is there are issue related to item source or Save State before branching.
Tha nks in advance
RSS feed for comments to this post