htmldb_get and Session State Protection

On a number of occasions I've used the htmldb_get Ajax call to embed the content of another Apex page into the div tag of the current page. The content can then be refreshed dynamically without submitting the entire page - Great :). To do this I create a JS function something like:

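function AjaxReportRefresh(pThis){
  // Request page 2 of the current application, passing the selected value with the request
  var get = new htmldb_Get(null,$x('pFlowId').value,null,2);
  get.add('P1_AJAX_ID',pThis.value);
  var gReturn = get.get(null,'','');
  get = null;
  // Put the returned page content into the AjaxReport div
  $x('AjaxReport').innerHTML = gReturn;
  return;
}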

However, I like to secure EVERY page in my applications with at least URL checksum protection, and the above causes problems if the page providing the dynamic content has any Session State Protection (SSP).

The solution is simple: make a separate Ajax call to set the values, then make the call for the content. The page providing the content can then be secured. The function then becomes:

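function AjaxReportRefresh(pThis){
  // Step 1: set session values through the on-demand application process "dummy"
  var get = new htmldb_Get(null,&APP_ID.,'APPLICATION_PROCESS=dummy',1);
  get.add('P1_AJAX_ID',pThis.value);
  var gReturn = get.get();
  get = null;
  // Step 2: get content from page 2; no item values are passed with this request
  get = new htmldb_Get(null,$x('pFlowId').value,null,2);
  gReturn = get.get(null,'','');
  get = null;
  // Put the returned page content into the AjaxReport div
  $x('AjaxReport').innerHTML = gReturn;
  return;
}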
