1

I have an application in which before every release we lock all users. Once locked, user cannot login. But if the user is already logged in and then I lock the user, the user will be able to continue until sessions ends.

I'm trying to have a feature so that when I lock all users, all current active sessions of that app should be logged out or ended.

I have tried looping for all active sessions and executing apex_authentication.logout and passing session ID and app ID for each of them. Somehow if doesn't end session of anybody except the user performing the process.

Arif Sher Khan
  • 461
  • 4
  • 12
  • If possible, shutdown the database - it'll *kill* everyone. Start it up again; users are already locked so they won't be able to establish new connection, you'll upgrade the application, unlock users and let them log in again. – Littlefoot Dec 24 '22 at 19:45
  • @Littlefoot can't shutdown database. There are many other systems in same database. – Arif Sher Khan Dec 24 '22 at 23:07

2 Answers2

1

Instead of using logout, apex_authentication.logout I'm using apex_session.delete_session. It's not 'really' a logout, but does does the job of stopping current user session. Refer https://docs.oracle.com/database/apex-18.1/AEAPI/APEX_SESSION.htm#AEAPI-GUID-E37F7000-633D-466C-BA8F-0051EDB7A0CC

Arif Sher Khan
  • 461
  • 4
  • 12
0

Given your reference to apex_authentication.logout, I'm assuming that you're dealing with an APEX application. In my experience, you don't worry about ending user sessions or locking users when performing an upgrade on an APEX app. Instead, you change the Build Status of the application to "Unavailable" in the "Manage Service / Application Build Status" page of the APEX workspace. This renders the application inaccessible to all users, immediately. After the upgrade, change the status back to "Available".

pmdba
  • 6,457
  • 2
  • 6
  • 16
  • Yes, I thought about it. But I want to keep application available for specific users to perform some operations. – Arif Sher Khan Dec 25 '22 at 19:36
  • Then set the app to restricted access in the same place and only allow those users in. You could also set the idle timeout on sessions to something ridiculous like a few seconds; that would drain the active sessions a lot faster once accounts are locked. – pmdba Dec 25 '22 at 20:25
  • I checked for Restricted access just now and its for "Application is available to developers named in the Restrict to comma separated user list." I am aiming to make application available to few selected users who're business owners not developers, and rest (other business owners) should not have access. Also developer won't have access to production apps. Although I'll try with timeout. – Arif Sher Khan Dec 25 '22 at 21:18