Access to SessionBundle

We are currently using DevForce Classic (3.7.5.0)  on one of our applications.

 

We are interested in adding some level of session tracking in our app so that a single concurrent instance of a user login can be detected and enforced.  We would like to do this in the BOS if we can.

 

I see that the PersistenceManager login returns to the client a SessionBundle containing a unique SessionKey Guid along with the Principal.

It would be advantageous if we could get to that SessionKey in the server-side methods, SaveSecurityCheck and QuerySecurityCheck, and do some validations on a database session record using that key.

Is there a way from the business object's SaveSecurityCheck method we can get to the SessionBundle from the PersistenceManager's reference?

 

Upon login I see that the SessionManager maintains a dictionary of  SessionKey, Principal.  While logout removes the SessionKey entry from the dictionary.  How long does this table persist?  If the client did not properly logout due to client-side abnormal termination does this mapping table periodically cleans itself?

 

Is there any  functionality on the server that we can tap into to leverage this internal BOS SessionKey table  ?

 

Are there any alternatives you can propose with this version of DevForce to address our login concurrency requirement?

Typically how I've handled scenarios like this before is a lot simpler than using the session bundle.

When a user logs in we set a timestamp on the user table field to the current time, and update this every X amount of seconds (15-30 typically). If someone else tries to log in with those credentials and the time now vs the timestamp field is less than the update interval, we know the user is still logged in. When the user logs out properly this time field can be set to null, if for some reason they time out and there is not a proper logout sequence, the worst case is they can't log back in for 15-30 seconds.