Sessions keep server-side state for a particular user. They use a cookie to track the user and a database record to store any data you attach to the session. A session expires after a timeout, and the expiration lease is renewed each time the session is accessed.

Common Usage in OnProcessInit()

You typically call InitSession() in wwProcess::OnProcessInit() to initialize the active session for every request in a process class.

This method does the following:

  • Creates an instance of wwSession (or wwSessionSql)
  • Exposes the wwProcess::oSession property
  • Exposes a PRIVATE Session variable
  • Sets a session cookie that holds the Session Id

Initialize the Session Globally

In your subclass of wwProcess in the Process method add the InitSession() call into OnProcessInit():

FUNCTION OnProcessInit

*** all parms are optional
*** wwDemo Cookie, 30 minute timeout, persist cookie
THIS.InitSession("wwDemo",1800,.T.)

RETURN .T.
ENDFUNC

This creates a PRIVATE Session variable (and also Process.oSession) that is scoped to the Process class and all its methods.

Use the Session in your code

FUNCTION YourProcessMethod

lcSessionVar = Session.GetSessionVar("MyVar")
IF EMPTY(lcSessionVar)
   *** Not set
   Session.SetSessionVar("MyVar","Hello from a session. Created at: " + TIME())
   lcSessionVar = Session.GetSessionVar("MyVar")
ENDIF

THIS.StandardPage("Session Demo","Session value: " + lcSessionVar)
ENDFUNC

Initialize Session for each Method

While you usually want to initialize the Session globally, you can also call InitSession() in individual process methods, only where needed. If you only have a few methods that require use of Session, you can call InitSession() in each of these methods:

FUNCTION MyProcessMethod()
THIS.InitSession()

Return Value

String - The current Session ID.


Parameters

Optional - Name of the cookie to be created. We recommend you change this to something specific to your application, because cookies are created at the domain root and multiple applications might otherwise interfere with the cookie.
Default: wwProcess::cSessionKey ("wwSession")

The timeout on the session in seconds. This is how long the session sticks around for the user. Once this time is up and the user returns, the session's state is released.
Default: 1800 (30 minutes)

Creates a permanent cookie on the client so that the session cookie persists across browser shutdowns until the timeout expires. Note that the timeout overrides the persistence!

Sets the Secure flag on the HTTP cookie, which requires the cookie to travel over HTTPS.


llPersist and Timeouts

Even if llPersist is .T., the session still expires when the timeout expires. However, the cookie does not expire. The cookie and the associated Session ID are therefore still retrievable.

For example, you can save the Session ID with a customer record. When the customer returns and a persisted cookie exists, you can automatically reattach to that customer using the Session ID. The previous session data may be gone, but the Session ID still lets you retrieve the customer.

Use Secure only if your entire site is HTTPS

If you set llSecure, make sure that all requests that require Sessions use HTTPS; otherwise the cookie may be lost in a non-HTTPS transition.
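
The timeout described above is a sliding lease that is renewed on every access, so a session that keeps receiving requests does not expire on its own. The following added example (not part of the Web Connection documentation) caps the total session lifetime with a session variable; the cookie name MyAppSession, the StartedAt and UserId variables, the SessionClock() helper, the Account method and the 8 hour limit are all assumptions.

```foxpro
*** Added example - not part of the Web Connection documentation.
*** Assumed names: "MyAppSession", "StartedAt", "UserId",
*** SessionClock(), Account and the 8 hour cap.

#DEFINE MAX_SESSION_SECONDS 28800     && 8 hours, assumed policy

FUNCTION OnProcessInit
LOCAL lcStarted, lnNow

*** App-specific cookie name, 30 minute sliding timeout,
*** no persistent cookie, Secure flag (HTTPS-only site)
THIS.InitSession("MyAppSession", 1800, .F., .T.)

lnNow = THIS.SessionClock()
lcStarted = Session.GetSessionVar("StartedAt")

DO CASE
CASE EMPTY(lcStarted)
   *** First request of a new session: record when it started
   Session.SetSessionVar("StartedAt", TRANSFORM(lnNow))
CASE lnNow - VAL(lcStarted) > MAX_SESSION_SECONDS
   *** Activity kept renewing the lease past the cap:
   *** drop the login state and start the clock again
   Session.SetSessionVar("UserId", "")
   Session.SetSessionVar("StartedAt", TRANSFORM(lnNow))
ENDCASE

RETURN .T.
ENDFUNC

*** Whole seconds since a fixed reference date
FUNCTION SessionClock
RETURN INT(DATETIME() - DATETIME(2000, 1, 1))
ENDFUNC

FUNCTION Account
*** Empty after the sliding timeout lapsed or the cap was reached
IF EMPTY(Session.GetSessionVar("UserId"))
   THIS.StandardPage("Account", "Please sign in again.")
   RETURN
ENDIF

THIS.StandardPage("Account", "Your account page.")
ENDFUNC
```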

See also:

Class wwProcess | Class wwSession

© West Wind Technologies, 1996-2022 • Updated: 07/06/18