This page makes part of the security theme and talks authentication implementation in Apex.
Once a user has been identified, the Application Express engine keeps track of each user by setting:
See Session state scope to understand why.
Login processing has the following steps:
See IS_SESSION_VALID function
You can use the APEX_CUSTOM_AUTH package to perform various operations related to authentication and session management.
The status set using this procedure is visible in the apex_user_access_log view and in the reports on this view available to workspace and site administrators.
CREATE OR REPLACE FUNCTION MY_AUTH(
p_username IN VARCHAR2,
p_password IN VARCHAR2)
RETURN BOOLEAN
IS
BEGIN
APEX_UTIL.SET_CUSTOM_AUTH_STATUS(p_status=>'User:'||p_username||' is back.');
IF UPPER(p_username) = 'GOOD' THEN
APEX_UTIL.SET_AUTHENTICATION_RESULT(24567);
RETURN TRUE;
ELSE
APEX_UTIL.SET_AUTHENTICATION_RESULT(-666);
RETURN FALSE;
END IF;
END;