New Feature in IntraWeb XIV: Session events log

New Feature in IntraWeb XIV: Session events log

IntraWeb 14.0.32 introduced a new feature: Session events log.

The TIWServerController class has a new property named LogSessionEvents (default False). When TRUE, IntraWeb will log each request received by your IW application and processed in a session context (requests that require a session), including session creation and destruction. This allows you to fully understand each session life cycle.

The session log file is named “YourApplicationName_session.log”, created in the application folder. This file is not a text file, because we save the information in a structured format. You can use our tool named IW Session Log Viewer (download it here in both x86 and x64 versions) to view all session data:

On the top-left panel there are some informations about the application: Total number of sessions logged to the file, maximun number of concurrent sessions, active sessions and expired sessions. Expired sessions should be always zero, except when a session have just expired and the cleanup thread didn’t run the next cycle yet.

On the top-right panel, there are informations about some specific session, including remote IP address, browser, duration, etc. On the main panel there is a grid containing all the requests received by the application for that specific session, including all content fields. This can give you valuable information about your session and you can fully understand how it is working.

Some important notes:

  • Although the file is not saved in text format, it still can be read by humans, using something like Notepad.
  • This file may contain sensitive information like usernames/passwords/etc (see request #5 above)
  • There is a single session log file for ALL IntraWeb sessions, meaning that only one session can write to that file at any time. So yes, there is a critical section-like object preventing multiple threads from writing to the file simultaneously. This may have significant impact on your IntraWeb application performance, depending on the number of simultaneous sessions.
  • Requests for static files, like images, JavaScript and CSS files are not logged because they are served without session validation.

In short: Do not enable the session log in production servers. Do it only for short periods in a controlled environment, in order to detect some malfunction or strange behavior of your application. And keep the session log file SAFE!