Sessions are used to keep a server side session for a particular user. They use a Cookie to track the user, and a database record to store any data you attach to the session. Sessions have a timeout when they expire and the expiration lease is renewed each time the session is accessed.
You typically call
wwProcess::OnProcessInit() to initialize the active session for every request in a process class.
This methods does the following:
- Creates an instance of
- Exposes the
- Exposes a PRIVATE
- Sets a session cookie that holds the Session Id
In your subclass of wwProcess in the Process method add the
InitSession() call into OnProcessInit():
FUNCTION OnProcessInit *** all parms are optional *** wwDemo Cookie, 30 minute timeout, persist cookie THIS.InitSession("wwDemo",1800,.T.) ... RETURN
This creates a PRIVATE
Session variable (and also
Process.oSession) that is scoped to the Process class and all its methods.
FUNCTION YourProcessMethod lcSessionVar = Session.GetSessionVar("MyVar") IF EMPTY(lcSessionVar) *** Not set Session.SetSessionVar("MyVar","Hello from a session. Created at: " + TIME()) lcSessionVar = Session.GetSessionVar("MyVar") ENDIF THIS.StandardPage("Session Demo","Session value: " + lcSessionVar) RETURN
While you usually want to initialize the
Session globally, you can also call
InitSession() in individual process methods, only where needed. If you only have a few methods that require use of
Session, you can call
InitSession() in each of these methods:
FUNCTION MyProcessMethod() THIS.InitSession("wwDemo",1800,.T.) ... RETURN
o.InitSession(lcSessionCookieName, lnTimeoutSeconds, llPersist, llSecure)
String - The current Session ID.
Optional - Name of the cookie to be created. We recommend you change this to something specific to your application as cookies are created at the domain root so multiple application might interfere with the cookie.
Default: wwProcess::cSessionKey ("wwSession")
The timeout on the session in seconds. This is how long the session sticks around for the user. Once this time is up and the user returns the session's state is released.
Default: 1800 (30 minutes)
Creates a permanent cookie on the client that allows the session cookie to persist permanently on the client so that it persists across browser shut downs until the timeout expires. Note the timeout overrides the persistence!
Secure flag on the HTTP cookie which requires the cookie to travel over HTTPS.
.T., the session still expires when the timeout expires. However the cookie does not expire. The cookie and the associated SessionId are therefore retrievable.
For example you can save the Session ID with a customer record, and when the customer returns when a persisted cookie exists you can automatically reattach to that customer using the Session Id. The previous session data may be gone but the Session ID can allow you to retrieve the customer again.
Make sure if you set the
llSecurethat all requests that require Sessions are using HTTPS otherwise the cookie may be lost in a non-HTTPS transition.
See also:Class wwProcess | Class wwSession
Comment or report problem with topic