New Posts New Posts RSS Feed: Access to SessionBundle
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

Access to SessionBundle

 Post Reply Post Reply
Author
Louis View Drop Down
Newbie
Newbie


Joined: 28-Sep-2010
Posts: 5
Post Options Post Options   Quote Louis Quote  Post ReplyReply Direct Link To This Post Topic: Access to SessionBundle
    Posted: 14-Nov-2012 at 8:23pm

We are currently using DevForce Classic (3.7.5.0)  on one of our applications.

 

We are interested in adding some level of session tracking in our app so that a single concurrent instance of a user login can be detected and enforced.  We would like to do this in the BOS if we can.

 

I see that the PersistenceManager login returns to the client a SessionBundle containing a unique SessionKey Guid along with the Principal.

It would be advantageous if we could get to that SessionKey in the server-side methods, SaveSecurityCheck and QuerySecurityCheck, and do some validations on a database session record using that key.

Is there a way from the business object's SaveSecurityCheck method we can get to the SessionBundle from the PersistenceManager's reference?

 

Upon login I see that the SessionManager maintains a dictionary of  SessionKey, Principal.  While logout removes the SessionKey entry from the dictionary.  How long does this table persist?  If the client did not properly logout due to client-side abnormal termination does this mapping table periodically cleans itself?

 

Is there any  functionality on the server that we can tap into to leverage this internal BOS SessionKey table  ?

 

Are there any alternatives you can propose with this version of DevForce to address our login concurrency requirement?

Back to Top
kimj View Drop Down
IdeaBlade
IdeaBlade
Avatar

Joined: 09-May-2007
Posts: 1391
Post Options Post Options   Quote kimj Quote  Post ReplyReply Direct Link To This Post Posted: 15-Nov-2012 at 3:49pm
Hi Louis,
 
I've responded to your questions via email, but other members of the community might also have insights on how they've solved this issue.
Back to Top
smi-mark View Drop Down
DevForce MVP
DevForce MVP
Avatar

Joined: 24-Feb-2009
Location: Dallas, Texas
Posts: 343
Post Options Post Options   Quote smi-mark Quote  Post ReplyReply Direct Link To This Post Posted: 15-Nov-2012 at 6:58pm
Typically how I've handled scenarios like this before is a lot simpler than using the session bundle.

When a user logs in we set a timestamp on the user table field to the current time, and update this every X amount of seconds (15-30 typically). If someone else tries to log in with those credentials and the time now vs the timestamp field is less than the update interval, we know the user is still logged in. When the user logs out properly this time field can be set to null, if for some reason they time out and there is not a proper logout sequence, the worst case is they can't log back in for 15-30 seconds.
Back to Top
smi-mark View Drop Down
DevForce MVP
DevForce MVP
Avatar

Joined: 24-Feb-2009
Location: Dallas, Texas
Posts: 343
Post Options Post Options   Quote smi-mark Quote  Post ReplyReply Direct Link To This Post Posted: 15-Nov-2012 at 7:01pm
Also, if you only use a single BOS, this could simply be a static dictionary with a user id and datetime. When they login a value would be added to the dictionary, or if it exists it would simply check as above that the elapsed time is greater than the interval. You could then have your client ping using a remote service method which would then update the time.
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down