How Session Management Works

Last Updated: 9/21/2008




    When using Application Mode in IntraWeb, session tracking is performed automatically. This allows the user to concentrate on the application and forget about session management. Even though this is all automated, it is good to understand how IntraWeb accomplishes this and how it can be extended to store certain information.

    IntraWeb allows the user to specify how sessions are tracked. This provides flexibility, since certain situations restrict the user to a certain type of tracking. For example, when the application is deployed to a large corporation that has certain browser restrictions, such as not permitting cookies, another form of session tracking can be used. To provide this flexibility, session tracking can be performed using one of the following options: Hidden Fields, URL and Cookies.

    Developers who are accustomed to implementing session tracking using technologies such as WebBroker are familiar with these, since they are the 3 most common (if not the only) ways of implementing such a feature. The method used is set as a property in the ServerController (SessionTracking).

    URL

    URL session tracking is the default method. When using this method, the information appears in the URL at all times. When the application is first called, the URL is of the form:

    http://xxx.xxx.xxx.xxx:xxxx/{start_command}

    After the first call, the appropriate session information will be appended to the URL, which will be:

    http://xxx.xxx.xxx.xxx:xxxx/exec_command/Z/YYYYYYYYYYYYYYY

    There are two important values to understand here: Z represents the track ID, whereas YYYYYYYYYYYYYYY represents the session ID. The track ID represents the "state" the application is in. When an IW application starts, the track ID is set to 0. Every time a new request is made to the server, the track ID is incremented by 1, so each new request has a higher value than the previous one. This allows IW to know exactly what state it is in. The session ID is a random value that is generated from unique values so that it is different for each user that accesses the application. This makes it virtually impossible for sessions to be intermixed between two users. One of the disadvantages of using the URL for session tracking is that the user will always see the URL in this format. Any change in the session ID will result in an invalid session message.
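
    Because URL tracking places the session ID in every request URL, the ID is also written wherever URLs are recorded, such as web server access logs and Referer headers. The following is an added example, not IntraWeb code or part of the original documentation: it replaces the session ID in logged URLs of the form shown above with a keyed pseudonym, so requests can still be grouped per session without storing the ID itself. The command name "EXEC", the log line layout, the key and the sample IDs are all constructed assumptions.

```python
import hashlib
import hmac
import re


def make_redactor(exec_cmd, key):
    """Build a function that masks session IDs in URL-tracked paths.

    exec_cmd: command segment of the URL (assumed value; use your own).
    key: secret bytes, so a pseudonym cannot be recomputed from a guessed ID.
    """
    # Matches /<exec_cmd>/<track ID>/<session ID> as described above.
    pattern = re.compile(
        r"(?P<prefix>/" + re.escape(exec_cmd) + r"/\d+/)"
        r"(?P<sid>[^/\s\"?#]+)"
    )

    def pseudonym(sid):
        digest = hmac.new(key, sid.encode("utf-8"), hashlib.sha256).hexdigest()
        return "sid-" + digest[:12]

    def redact(line):
        # Covers both the request line and any Referer field on the same line.
        return pattern.sub(
            lambda m: m.group("prefix") + pseudonym(m.group("sid")), line
        )

    return redact


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.7 - - [21/Sep/2008:10:00:01 +0000] "GET /EXEC/1/0A1B2C3D4E5F6A7 HTTP/1.1" 200 5120 "-"',
    '192.0.2.7 - - [21/Sep/2008:10:00:09 +0000] "POST /EXEC/2/0A1B2C3D4E5F6A7 HTTP/1.1" 200 4381 "http://192.0.2.10:8888/EXEC/1/0A1B2C3D4E5F6A7"',
    '192.0.2.9 - - [21/Sep/2008:10:00:12 +0000] "GET /EXEC/1/7F6E5D4C3B2A190 HTTP/1.1" 200 5120 "-"',
    '192.0.2.9 - - [21/Sep/2008:10:00:15 +0000] "GET /files/logo.png HTTP/1.1" 200 812 "-"',
]


def redact_log(lines, exec_cmd="EXEC", key=b"constructed-demo-key"):
    """Return the log lines with every URL-tracked session ID pseudonymized."""
    redact = make_redactor(exec_cmd, key)
    return [redact(line) for line in lines]


if __name__ == "__main__":
    for line in redact_log(SAMPLE_LOG):
        print(line)
```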

    Cookies

    Cookies are a good alternative when users have cookies enabled in their browser and have no problems using them. Cookies also offer the advantage of not having a long URL, as well as re-entry options. By allowing re-entry, the application can link to an external website and from that external website link back into the application. For more information regarding this, see the OnReEntry event in the ServerController.

    As for the information stored, the same entries (session ID and track ID) as with tmURL are stored in the cookie.

    Hidden Fields

    Introduced in IntraWeb 5.1, hidden fields can now be used to implement session tracking. Each time a new request is made, two additional fields are rendered inside the FORM tag when the page is displayed. Using this method of session tracking, the URL can also be kept "simple" without the need to display the track ID and session ID on each request.

    What are hidden fields?

    Hidden fields are standard HTML form fields that aren't visual. That is, the regular user never sees them. Hidden fields are rendered to HTML as a <INPUT TYPE="hidden" NAME="my name" VALUE="my value"> tag, where "my name" is the name of the hidden field, and "my value" is the actual value the hidden field is holding.

    Hidden fields are contained within HTML forms, yet they don't have a visual appearance. They are very useful for session tracking, as well as for passing data between forms.

    Note: When this session tracking method is used, the ExecCmd string will appear on the URL bar if server side resize is active. This behaviour is by design and can't be avoided.




    (C) 2002-2009 - Atozed Software Ltd.