'Page Unload' triggers too late

Well... too late is a bit odd to say. Because it does NOT triggers too late, it triggers when the page is unloaded!

You can define a dynamic action which reacts on the 'Page Unload' trigger like this:

Most of the times very useful but say, in the hypothetical situation, you want to save your form data when the user presses log off (or the nice button with the little cross in the top corner of their browser window) it doesn't work quite well.

And that has all to do with sessions. Once you logged off you immediately are being directed to the new log on window with a new session ID and the event cannot be handled correctly anymore.
Not to speak of when you close the browser window.

So what's next?

In  APEX 4.2 it is possible to react on a custom event. So should it be possible to react on an event triggered by the 'window' object? Yes it should!

Let's change the event type in the example to 'Custom':

In my opinion the 'Custom Event' field is placed to high and it should be placed underneath the 'DOM Object' field. So let's start with the 'Selection Type'...
You can choose all the known types e.g. item, button, region etcetera. In my example I will use the 'DOM Object'. As an object I will choose 'window' and as a 'Custom Event' the 'beforeunload' event is used.

The beforeunload trigger possibly will fire to often in this example (reload, leave, submit, close) so you can use a JavaScript condition if you want it to fire only in the right situation.

It works like a charm for me :), hope it helped you too.

About Password Expiration in Oracle Database 11g

In the Apex Installation Guide you will find the following paragraph:

"In the default profile in Oracle Database 11g, the parameter PASSWORD_LIFE_TIME is set to 180. If you are using Oracle Database 11g with Oracle Application Express, this causes the password for APEX_PUBLIC_USER to expire in 180 days. As a result, your Oracle Application Express instance will become unusable until you change the password.

To prevent this behavior, create another profile in which the PASSWORD_LIFE_TIME parameter is set to unlimited and alter the APEX_PUBLIC_USER account and assign it to the new profile."

Of course with a little help from google you can find out how to do this. I summarized it for you:

First let's see what the limits of the default profile (or the profile of your APEX_PUBLIC_USER) are:

select resource_name
      ,limit
  from dba_profiles
 where profile = 'DEFAULT';

It will result in something like this:

RESOURCE_NAME                    LIMIT
-------------------------------- -------------------------------------
COMPOSITE_LIMIT                  UNLIMITED
SESSIONS_PER_USER                UNLIMITED
CPU_PER_SESSION                  UNLIMITED
CPU_PER_CALL                     UNLIMITED
LOGICAL_READS_PER_SESSION        UNLIMITED
LOGICAL_READS_PER_CALL           UNLIMITED
IDLE_TIME                        UNLIMITED
CONNECT_TIME                     UNLIMITED
PRIVATE_SGA                      UNLIMITED
FAILED_LOGIN_ATTEMPTS            10
PASSWORD_LIFE_TIME               180
PASSWORD_REUSE_TIME              UNLIMITED
PASSWORD_REUSE_MAX               UNLIMITED
PASSWORD_VERIFY_FUNCTION         NULL
PASSWORD_LOCK_TIME               1
PASSWORD_GRACE_TIME              7

There are two options. First you can change the default profile, but the profile of the other users will change accordingly and that may be a security vulnerability. But this is how you do it:

alter profile default limit
   password_life_time unlimited;

Second, and my favorite, add a new profile and link it to the APEX_PUBLIC_USER user:

create profile apex_public limit
   password_life_time unlimited;

alter user apex_public_user
   profile apex_public;

The first query will create a new profile with all limits to default except the password_life_time. The second one changes the profile of the APEX_PUBLIC_USER.

And... don't forget to change the profile for your APEX_LISTENER and APEX_REST_PUBLIC_USER.