A nice enhancement in the new ApEx version 3.2 is that you can set autocomplete off under page security. AutoComplete in HTML forms stores information entered into INPUT_text, the next time that a user visits your Web page a list of previously used data will appear.
Go to Edit Page -> Page Attributes -> Security and you will see the new option Form Auto Complete.
The default value when creating a page is “On”, setting it to “Off” will generate autocomplete=”off” in your page FORM tag, now a user will not see a list of previously entered data anymore.
If you are planning to play the new Oracle APEX 3.2 version then be sure to checkout the new security feature Session Timeout.
Session Timeout will automatically invalidate your apex session if you use it. You can find session timeout under Shared Components -> Edit Security Attributes where you have have 2 options:
- Maximum Session Length: setting this property will allow you to define how long a user can use his session when logging in into your application, after witch the user will be forced to login again.
- Maximum Session Idle Time: Setting this property will define how many seconds a user can be idle before his/her session will be invalidated and the user will be forced to login again.
Optionally you can set a logout URL where you will redirect the user to, if the URL is an ApEx page then remeber to redirect the user to a public page.
The documentation of this new feature says that you can use three substitution items for your url: &APP_SESSION., &SESSION., and &APP_ID., although the session substitution items would probably have little value seeing the session has ended.