There's an article "PHP Web Auditing, Authorization and Monitoring with Oracle Database" at www.oracle.com/technetwork/articles/dsl/php-web-auditing-171451.html which is all about using oci_set_client_identifier()
(PHP 5.3.2, PHP 7, PECL OCI8 >= 1.4.0)
oci_set_client_identifier — Sets the client identifier
Sets the client identifier used by various database components to identify lightweight application users who authenticate as the same database user.
The client identifier is registered with the database when the next 'roundtrip' from PHP to the database occurs, typically when an SQL statement is executed.
The identifier can subsequently be queried, for example with SELECT SYS_CONTEXT('USERENV','CLIENT_IDENTIFIER') FROM DUAL. Database administration views such as V$SESSION will also contain the value. It can be used with DBMS_MONITOR.CLIENT_ID_TRACE_ENABLE for tracing and can also be used for auditing.
The value may be retained across page requests that use the same persistent connection.
TRUE on success or
FALSE on failure.
Example #1 Setting the client identifier to the application user
// Find the application user's login name
$un = my_validate_session($_SESSION['username']);
$c = oci_connect('myschema', 'welcome', 'localhost/XE');
// Tell Oracle who that user is
// The next roundtrip to the database will piggyback the identifier
$s = oci_parse($c, 'select mydata from mytable');
Some but not all OCI8 functions cause roundtrips. Roundtrips to the database may not occur with queries when result caching is enabled.