cObject
---cBaseWebComponent
------cWebComponent
---------cWebSessionManager
------------cWebSessionManagerStandard
The DataFlex Web Framework is designed to perform session management services via a global session manager object. The cWebSessionManagerStandard class provides built-in session management, user login and rights management.
When you create a new web application via the WebApp Project Wizard, the Studio will create a session manager object based on the cWebSessionManagerStandard class. It also creates a WebAppSession database table for storing client session keys, a WebAppUser database table for storing valid user IDs and passwords, and a standard user login dialog.
The WebAppUser table is pre-loaded with two user accounts: an administrator (User ID: "admin", Password: "admin"), and a guest (User ID: "guest", Password: "guest"). Because these credentials are published defaults, change or remove both accounts before deploying the application.
Your application's session manager object is available via the ghoWebSessionManager global object handle.
    Use cWebSessionManagerStandard.pkg

    Object oSessionManager is a cWebSessionManagerStandard
    End_Object
Normally you do not need to declare a session manager object. The New Web App Wizard will generate a session manager based on the cWebSessionManagerStandard class and include it in your application.
When a WebApp is first loaded to the client, the session manager will create a unique session key that is returned and stored at the client. Each subsequent server call from this client will be accompanied by this session key.
Session keys are stored on the client using a session cookie and will accompany each call to your WebApp from the client's browser until the browser is closed.
The generated session key and client address are stored in the WebAppSession table. This data will be used in subsequent calls from the client to validate the session key of the incoming call.
Augment the CreateSession method to perform additional tasks whenever a new client session is created.
Each server call received from a client is verified using the session key attached to that call. To be considered a valid session, the session key must already be stored in the WebAppSession table. In addition, the session key must:
- Be marked as active. Send EndSession to deactivate a session key.
- Not have exceeded the session timeout. Set piSessionTimeout to determine how long a session key may remain inactive.
If user login support is activated (see User Login Support below), then the session must be linked to a verified user account in the WebAppUser table.
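The validation rules above, modeled in Python as an added example (this is not DataFlex framework code and not part of the original documentation). The `SessionRow` fields and the `validate_session` and `sample_table` functions are hypothetical stand-ins for the WebAppSession table and the framework's internal check; the 480-minute default is the piSessionTimeout default this page states.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

DEFAULT_TIMEOUT_MINUTES = 480  # default piSessionTimeout stated on this page


@dataclass
class SessionRow:
    """Hypothetical stand-in for one WebAppSession record (field names assumed)."""
    active: bool
    last_access: datetime
    user_id: Optional[str] = None  # set once a login has been verified


def validate_session(table, key, now, login_required,
                     timeout_minutes=DEFAULT_TIMEOUT_MINUTES):
    """Return (ok, reason), applying the page's checks in order."""
    row = table.get(key)
    if row is None:
        return False, "unknown key"       # key was never issued by the server
    if not row.active:
        return False, "inactive"          # e.g. after EndSession
    if now - row.last_access > timedelta(minutes=timeout_minutes):
        row.active = False                # a timed-out key is deactivated
        return False, "timed out"
    if login_required and row.user_id is None:
        return False, "no verified user"  # lmLoginRequired needs a linked user
    row.last_access = now  # assumption: the timeout measures inactivity, so it slides
    return True, "ok"


def sample_table(now):
    """Constructed sample rows, not real session keys."""
    return {
        "k-live": SessionRow(True, now - timedelta(minutes=30), "admin"),
        "k-ended": SessionRow(False, now - timedelta(minutes=5), "guest"),
        "k-stale": SessionRow(True, now - timedelta(minutes=481), "guest"),
        "k-anon": SessionRow(True, now - timedelta(minutes=1)),
    }


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0)
    table = sample_table(now)
    for k in ["k-live", "k-ended", "k-stale", "k-anon", "k-forged"]:
        print(k, validate_session(table, k, now, login_required=True))
```

A key that was never issued fails first, and a key that times out stays rejected on later calls because the timeout check deactivates it.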
After a session is verified the session manager's psUserName property is set to the verified user ID, the psLoginName property to the user's full name and the piUserRights property to the user's rights level.
Augment the ValidateSession method to perform additional tasks while a session key is being validated.
Get psSessionKey to retrieve the session key of the currently connected client. This property is set each time a server call is validated.
User login support is activated in your web application by setting peLoginMode to lmLoginRequired in your cWebApp object. Typically, your application will also define a modal dialog that will handle the user interface for logging in a certified user. In this case, you should set the phoLoginView property of your cWebApp object to the object handle of this modal dialog object. See cWebApp for more information.
The session manager provides the following user login services:
Send RequestLogin to activate your application's login dialog. If login services are activated, this is performed automatically when the web application is first loaded to a client. The entered User ID and password will be verified by the session manager. If the ID and password are accepted, then the User ID will be attached to the current session key and the OnChangeRights event will be fired.
OnChangeRights can be augmented in your cWebApp object, menu objects, etc, to perform special rights management tasks. See OnChangeRights for more information.
Augment AllowViewAccess to control whether the currently logged in user has rights to a particular view or modal dialog. The allow access logic can be implemented globally in the session manager object or augmented in each appropriate view, or both. See cWebView for more information.
Send RequestLogout to end the current session, create a new session key, and reload the web application at the client.
Your session manager is already configured so that the Session ID will expire after a certain period of inactivity. Set piSessionTimeout to determine the number of minutes a session can remain inactive before the Session ID is deactivated. By default this is set to time out after 480 minutes. This means that if a client does not access the webapp for 480 minutes, they will need to log in again and be assigned a new session ID in order to continue to access the web application.
See Also: cWebSessionManager | cWebAppSessionDataDictionary | cWebAppUserDataDictionary