>As for session variables, again, the app-server is managing these. I'm not
>exactly sure how, but I'm guessing that each web client gets a unique client
>id that it shares with the app-server for each transaction. Session
>variables are probably managed via this client id.
If you look at the access logs under (infrastructure and midtier
homes)\apache\apache\logs you can see how SSO is handling login requests
and tokenizing requests to the db server. So you can see that there is
a different user for the transactions and assume the database is
handling at least the rollbacks correctly. The app-server is a less
mature product, so there may be more suspicion in what it manages. I
know I've seen weirdnesses in webcache with portal, for sure. I would
be surprised if anything as stupid as confusing transactions is
happening, that would be a security transgression beyond anything seen
so far. Of course, confusing transactions with the same user might be a
feature :-)
Personally, I've seen several cases on the web, where I assume they are
not using Oracle, where I've suddenly found myself logged in as someone
else, doing things like modifying their public resumes. What is most
amazing is the effen support people won't believe there is a problem! I
usually make some minor change down near the bottom and notify the other
person to complain to the site. One guy was a DBA at a place I had
applied to...
>Please please please someone correct me. Lots of assumptions in this
>response.
Well, if Oracle would document what is really going on, we wouldn't have
to assume so much. Also, some people's past rants about handling things
in the database versus in applications might apply here.