Skip to Main Content

APEX session isolation across multiple browser tabs

Joel Kallman wrote an interesting article about a new request (introduced in Application Express 5.1) named APEX_CLONE_SESSION.
It can be found at https://joelkallman.blogspot.com/2016/07/apex-session-isolation-across-multiple.html.

"When requested from an existing APEX session, this will generate a new APEX session identifier and associate it with the existing browser session cookie. Additionally, it will copy all of the session state values from the old session to the new session. You, the developer, would have to provide a link for your end users to open up new browser tabs, and include APEX_CLONE_SESSION in the request of the URL. So instead of your end users manually opening up a new tab from your APEX application, you would have to give them a prescribed way to open new tabs - could be a dynamic action or a button or a link. The URL in the new tab should include APEX_CLONE_SESSION in the "Request" portion of the APEX URL."

JavaScript solution to automatically redirect

Sam Khalaf wrote a very nice article on the same subject, including a solution to automatically redirect if needed.
It can be found at http://thinkoracleapex.blogspot.com/2018/10/apex-multi-tab-session-collision-issue.html.

"The key idea is that you want to somehow associate each active APEX session ID with its current window/tab and be able to validate that association upon rendering each page of your applications (you may need to make some exclusions, but let’s not worry about this for now). Then, whenever your APEX application is rendered in a browser/tab, you want to add some sort of validation (before rendering the page) that checks if the corresponding APEX session ID is already associated with some other window/tab (i.e. open in another window/tab). If not, then the page will be rendered normally, after associating the current browser/tab with the current APEX session ID so other windows/tabs know that this APEX session ID is already used and associated with this window/tab. If APEX session ID is already associated with another window/tab, then it won’t complain about it nor will it throw an error informing users that they can’t open same APEX session in multiple windows/tabs. Instead, it will peacefully render that APEX page but seamlessly assign a new APEX session to it by programmatically utilizing APEX_CLONE_SESSION request."

This works like a charm; I have changed his code slightly, so it is smaller than 4000 characters - useful if you want to use it in a Dynamic Action.