We are going to go with DBMS_SESSION. The application(s) will establish and clear the context for each = connection (looks good on paper!!). Thank you again for your input !!! -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of Thomas Day Sent: Monday, May 23, 2005 10:30 AM To: Christian Antognini Cc: oracle-l@xxxxxxxxxxxxx Subject: Re: Auditing original user in an n-tier environment On 5/23/05, Christian Antognini <Christian.Antognini@xxxxxxxxxxxx> = wrote: >=3D20 >=3D20 > >We are fighting the exact same fight. Oracle provides a mechanism > >with DBMS_SESSION.set_context and sys_context. However, this is not = a > >magic bullet. We have a web-based application with pooled > >connections. >=3D20 > Tom >=3D20 > Do you use global contexts? >=3D20 >=3D20 > Chris >=3D20 Global context isn't the issue --- though it's what I would use. The Web is state-less. With each new page it picks the next connection available to communicate with the database. If you have a 10 connection pool, during a single session with the application one user could end up using all 10 connections --- maybe even twice over. With each new connection it is the application's job to establish the context for that connection (not session) with the Oracle database. Currently we are using a home-rolled mechanism that mimics = Oracle's.=3D20 It's no better or worse, just very poorly documented and no knowledge of how it works exists ourside the current group of contractors. I guess that you'd call it job security. -- //www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l