How Session Management Works
Last Updated: 9/21/2008
|Sections above here:|
Home » Development » Session Management
Sections below here:
When using Application Mode in IntraWeb, session tracking is performed automatically. This allows the user to concentrate on the application and forget about session management. Even though this is all automated, it is good to understand how IntraWeb accomplishes this and see how it can extend it to store certain information.
URL session tracking is the default method. When using this method, the information appears in the URL at all times. When the application is first called, the URL is of the form:
After the first call, the appropriate session information will be appended to the URL, which will be:
There are two important values here to understand, Z represents the track ID whereas YYYYYYYYYYYYY represents the session ID. The track ID represents the "state" in which the application is. When an IW application starts, the track ID is set to 0. Every time a new request is made to the server, the track ID is incremented by 1. Each new request has a higher value than the previous one. This allows IW to know exactly what state it is in. The session ID is a random value that is generated from unique values so that it is different for each user that accesses the application. This makes it virtually impossible for sessions to be intermixed between two users. One of the disadvantages of using URL as session tracking is that the user will always see the URL in this format. Any change in the session ID will result in a invalid session message.
Cookies is a good alternative when users have cookies enabled in their browser and have no problems using them. Cookies also offer the advantage of not having a long URL and also reentry options. By allowing re-entry, the application can link to an external website and from that external website link back into the application. For more information regarding this, see the OnReEntry event in the ServerController.
As for the information stored, the same entries (session Id and track ID) as with tmURL as stored in the cookie.
Introduced in Intraweb 5.1, hidden fields can now be used to implement session tracking. Each time a new request is made, two additional fields are rendered inside the FORM tag when the page is displayed. Using this method of session tracking, the URL can also be kept "simple" without the need of displaying the track ID and session ID on each request.
What are hidden fields ?
Hidden fields are standard HTML form fields that don't aren't visual. This is, the regular user never sees them. Hidden fields are rendered to HTML as a <INPUT TYPE="hidden" NAME="my name" VALUE="my value"> tag, where "my name" is the name of the hidden field, and "my value" is the actual value the hidden field is holding.
Note: When this session tracking method is used, the ExecCmd string will appear on the URL bar if server side resize is active. This behaviour is by design and can't be avoided.
(C) 2002-2009 - Atozed Software Ltd.