Applications Security
Introduction
This topic addresses security issues in the configuration and operation of the applications.
Preventing Multiple Logins
By default, any user can open multiple sessions in Oracle Applications. Sometimes this is desirable. For example, it may be convenient for user SYSADMIN to log in from multiple computers at the same time. However, some organizations consider this capability a security threat when multiple logins are available to the average user. Since the HTTP server does not know that a user has initiated multiple sessions, an alternative way must be found to implement multiple login restrictions.
The business event oracle.apps.icx.security.session.created can be used to control multiple logins. When this business event is enabled and subscribed, it disables the prior session(s) and allows the current session. Some users are surprised by this result because they expect the current login to be denied with a message about the existence of a prior session. However, because of the way HTTP works (i.e. browsers can disconnect without finishing a session, leaving the server unaware that the session has ended), the only practical way to proceed is to allow the current connection and disable prior sessions.
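The reasoning above can be checked with a small model. This is an added example, not Oracle Applications code: the session table, the two policy names, the 1800-second idle timeout and the user JSMITH are all constructed for illustration.

```python
import itertools

IDLE_TIMEOUT = 1800  # seconds; constructed value for this model

class SessionStore:
    """Toy server-side session table; the server only learns of a logout if told."""
    def __init__(self, policy):
        if policy not in ("deny_new", "disable_prior"):
            raise ValueError(policy)
        self.policy = policy
        self.sessions = {}  # sid -> {"user", "last_seen", "disabled"}
        self._ids = itertools.count(1)

    def is_valid(self, sid, now):
        """True if the server would still accept this session id."""
        s = self.sessions.get(sid)
        return bool(s) and not s["disabled"] and now - s["last_seen"] < IDLE_TIMEOUT

    def request(self, sid, now):
        """Handle a request: accepted requests refresh the idle timer."""
        ok = self.is_valid(sid, now)
        if ok:
            self.sessions[sid]["last_seen"] = now
        return ok

    def login(self, user, now):
        """Return a new session id, or None if the login is refused."""
        prior = [sid for sid, s in self.sessions.items()
                 if s["user"] == user and self.is_valid(sid, now)]
        if prior and self.policy == "deny_new":
            return None  # the server cannot tell an abandoned session from a live one
        for sid in prior:  # disable_prior: the newest login wins
            self.sessions[sid]["disabled"] = True
        sid = next(self._ids)
        self.sessions[sid] = {"user": user, "last_seen": now, "disabled": False}
        return sid

def abandoned_browser_scenario(policy):
    """User logs in, the browser dies without a logout, the user returns 60 s later."""
    store = SessionStore(policy)
    first = store.login("JSMITH", now=0)  # constructed user name
    second = store.login("JSMITH", now=60)  # no logout for `first` ever arrived
    return {
        "second_login_ok": second is not None,
        "first_still_valid": store.is_valid(first, now=61),
        "login_after_timeout_ok": store.login("JSMITH", now=IDLE_TIMEOUT + 1) is not None,
    }
```

Under "deny_new" the legitimate user is locked out until the abandoned session idles out, while "disable_prior" lets the user back in at once and the old session id stops working.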
Collaborating Authors and Reviewers: -- JimCrum - 26 Feb 2009
Topic revision: r1 - 26 Feb 2009 - 21:24:07 - JimCrum