
Access to SessionBundle

Printed From: IdeaBlade
Category: DevForce
Forum Name: DevForce Classic
Forum Description: For .NET 2.0
Printed Date: 17-Jul-2019 at 10:46pm

Topic: Access to SessionBundle
Posted By: Louis
Subject: Access to SessionBundle
Date Posted: 14-Nov-2012 at 8:23pm

We are currently using DevForce Classic (  on one of our applications.


We are interested in adding some level of session tracking in our app so that a single concurrent instance of a user login can be detected and enforced.  We would like to do this in the BOS if we can.


I see that the PersistenceManager login returns to the client a SessionBundle containing a unique SessionKey Guid along with the Principal.

It would be advantageous if we could get to that SessionKey in the server-side methods, SaveSecurityCheck and QuerySecurityCheck, and do some validations on a database session record using that key.

Is there a way from the business object's SaveSecurityCheck method we can get to the SessionBundle from the PersistenceManager's reference?


Upon login I see that the SessionManager maintains a dictionary of SessionKey, Principal, while logout removes the SessionKey entry from the dictionary. How long does this table persist? If the client did not properly log out due to client-side abnormal termination, does this mapping table periodically clean itself?


Is there any functionality on the server that we can tap into to leverage this internal BOS SessionKey table?


Are there any alternatives you can propose with this version of DevForce to address our login concurrency requirement?

Posted By: kimj
Date Posted: 15-Nov-2012 at 3:49pm
Hi Louis,
I've responded to your questions via email, but other members of the community might also have insights on how they've solved this issue.

Posted By: smi-mark
Date Posted: 15-Nov-2012 at 6:58pm
Typically how I've handled scenarios like this before is a lot simpler than using the session bundle.

When a user logs in we set a timestamp on the user table field to the current time, and update this every X amount of seconds (15-30 typically). If someone else tries to log in with those credentials and the time now vs the timestamp field is less than the update interval, we know the user is still logged in. When the user logs out properly this time field can be set to null. If for some reason they time out and there is not a proper logout sequence, the worst case is they can't log back in for 15-30 seconds.

Posted By: smi-mark
Date Posted: 15-Nov-2012 at 7:01pm
Also, if you only use a single BOS, this could simply be a static dictionary with a user id and datetime. When they log in a value would be added to the dictionary, or if it exists it would simply check as above that the elapsed time is greater than the interval. You could then have your client ping using a remote service method which would then update the time.
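
The single-BOS heartbeat dictionary suggested in the replies above, as an added example that is not part of the thread and not DevForce code. It goes one step beyond the suggestion by storing a per-login key, so only the session that holds the slot can refresh or release it; the class name, method names and the stale threshold are assumptions.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper, not a DevForce API: one live session per user on a single BOS.
public sealed class SingleSessionRegistry
{
    private sealed class Entry { public Guid Key; public DateTime LastSeenUtc; }

    private readonly Dictionary<string, Entry> _live =
        new Dictionary<string, Entry>(StringComparer.OrdinalIgnoreCase);
    private readonly object _gate = new object();
    private readonly TimeSpan _staleAfter; // assumed: about 2x the client ping interval

    public SingleSessionRegistry(TimeSpan staleAfter) { _staleAfter = staleAfter; }

    // Login: refused while another session for this user has pinged recently.
    public bool TryLogin(string userId, DateTime nowUtc, out Guid sessionKey)
    {
        sessionKey = Guid.Empty;
        lock (_gate)
        {
            Entry e;
            if (_live.TryGetValue(userId, out e) && nowUtc - e.LastSeenUtc < _staleAfter)
                return false;
            e = new Entry();
            e.Key = sessionKey = Guid.NewGuid();
            e.LastSeenUtc = nowUtc;
            _live[userId] = e;
            return true;
        }
    }

    // Client ping: only the holder of the current key refreshes the timestamp.
    public bool Heartbeat(string userId, Guid sessionKey, DateTime nowUtc)
    {
        lock (_gate)
        {
            Entry e;
            if (!_live.TryGetValue(userId, out e) || e.Key != sessionKey) return false;
            e.LastSeenUtc = nowUtc;
            return true;
        }
    }

    // Clean logout: a stale or foreign key cannot evict the live session.
    public void Logout(string userId, Guid sessionKey)
    {
        lock (_gate)
        {
            Entry e;
            if (_live.TryGetValue(userId, out e) && e.Key == sessionKey) _live.Remove(userId);
        }
    }
}
```

A `false` return from `Heartbeat` means the slot was taken over after this client went stale, so the client should treat it as a forced logout. The dictionary lives in one process, so it is lost on a BOS restart and does not work across multiple BOS instances; the database timestamp from the earlier reply covers that case.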
