ServerController.OnBeforeNewSession

<< Click to Display Table of Contents >>

Navigation:  Forum >

ServerController.OnBeforeNewSession

Forum link

 

 

04-07-2018, 06:52 PM:

 

I'm trying this method out before using it in a live setting.  The result of the code below is a blank screen.  Is there some way to return text, or an error message?

 

Code:

 

procedure TIWServerController.IWServerControllerBaseBeforeNewSession(const aUrlPath: string; aRequest: THttpRequest; out vCanCreate: Boolean);

 

begin

 

  vCanCreate := false;

 

end;

 

 

 

 

04-09-2018, 11:15 AM:

 

(04-07-2018, 06:52 PM)DanielFields Wrote: [ -> ]I'm trying this method out before using it in a live setting.  The result of the code below is a blank screen.  Is there some way to return text, or an error message?

 

Code:

 

procedure TIWServerController.IWServerControllerBaseBeforeNewSession(const aUrlPath: string; aRequest: THttpRequest; out vCanCreate: Boolean);

 

begin

 

  vCanCreate := false;

 

end;

 

 

 

Hi Daniel,

 

I think you are trying to use this event to actually block some user from starting a session and, at the same time, provide some feedback, right? I have to give it a thought. When you don't allow a session creation IW will return HTTP status code 404, not 200.

 

In order to provide a page containing error information you would have to have full access to a response object. Not sure if it is possible without a few changes....

 

 

04-09-2018, 04:19 PM:

 

I'd be happy with just the response code and text, not the full Response object. Not hugely important, but it would be nice to have.

 

 

04-13-2018, 03:52 PM:

 

what if you "redirect" the user to a specific HTML response page ?

 

you can create it on-the-fly with a desired content (with what you want to tell the user).

 

 

04-13-2018, 06:07 PM:

 

(04-13-2018, 03:52 PM)EitanArbel Wrote: [ -> ]what if you "redirect" the user to a specific HTML response page ?

 

you can create it on-the-fly with a desired content (with what you want to tell the user).

 

When Daniel posted I tried to look into some of that as well.  He didn't say, but I assume he is trying to decrease the weight of his inbound filters to avoid creating a session at all, instead of killing the session when found to be unnecessary.  Good plan.

 

When I started digging around in the existing redirect code (what I found in a quick look anyway), it lived in the session object... which won't be there.  I poked on it anyway and, as expected, it failed.  There may be other options I don't know about.  Most likely Daniel already tried those things but I thought I might accidentally learn something by looking.

 

Dan