Connection Pooling and Oracle Seesion

Question

Before I start with my question, I would like to clarify that I am a DB developer and have limited understanding of things on Java/J2EE side.

Ours is a web application (n-tier with app server/web server). We are using connection pooling to manage connections to the database. I have limited understanding of connection pooling - App server manages connections for applications, lets the application get a connection from a pool, return the connection once its done back to the pool.

Let's say that I follow these steps - 
1. Let's say that I log in the application
2. Application requests for a connection from connection pool to authenticate me
3. Once authentication is done, App server will return the connection back to pool
4. I browse to a page where I have to do some CRUD operation and let's say that I am updating some data on the page.
5. App Server will again request for a connection from Pool
6. Application will process the data using the connection.

Here is my problem statement -

Let's say that I have to capture audit information using triggers (on the tables which are undergoing update). One of the attribute which I need to capture is username (logged in user).

I set a global package variable when I log in (step 1 - 3), which stores the logged in user name. My trigger is going to read the global package variable for the username . Since the connections are not going to remain same (connection pool manages connection), will my global package variable be available when I am processing the trigger?

What will happen to the variable (it obviously depends on answer to first question) when multiple users are logged in and accessing the application?

I tried to look around but have not been able to get clear answer to my doubts.

Pardon me, if my question is not clear. Let me know and I can edit to provide more information.

Answer 1

You can use CLIENT_IDENTIFIER attribute to preserve the actual user who logged in to the application.

Please find below more information from Oracle documentation:

Support for Application User Models by Using Client Identifiers

Many applications use session pooling to set up a number of sessions to be reused by multiple application users. Users authenticate themselves to a middle-tier application, which uses a single identity to log in to the database and maintains all the user connections. In this model, application users are users who are authenticated to the middle tier of an application, but who are not known to the database. Oracle Database supports use of a CLIENT_IDENTIFIER attribute that acts like an application user proxy for these types of applications.

In this model, the middle tier passes a client identifier to the database upon the session establishment. The client identifier could actually be anything that represents a client connecting to the middle tier, for example, a cookie or an IP address. The client identifier, representing the application user, is available in user session information and can also be accessed with an application context (by using the USERENV naming context). In this way, applications can set up and reuse sessions, while still being able to keep track of the application user in the session. Applications can reset the client identifier and thus reuse the session for a different user, enabling high performance.

You can set the CLIENT_IDENTIFIER in java using the following code snippet:

public Connection prepare(Connection conn) throws SQLException { String prepSql = "{ call DBMS_SESSION.SET_IDENTIFIER('userName') }"; CallableStatement cs = conn.prepareCall(prepSql); cs.execute(); cs.close(); return conn; }