Atozed Forums

Full Version: ServerController.OnBeforeNewSession
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I'm trying this method out before using it in a live setting.  The result of the code below is a blank screen.  Is there some way to return text, or an error message?



Code:
procedure TIWServerController.IWServerControllerBaseBeforeNewSession(const aUrlPath: string; aRequest: THttpRequest; out vCanCreate: Boolean);
begin
  vCanCreate := false;
end;
(04-07-2018, 06:52 PM)DanielFields Wrote: [ -> ]I'm trying this method out before using it in a live setting.  The result of the code below is a blank screen.  Is there some way to return text, or an error message?



Code:
procedure TIWServerController.IWServerControllerBaseBeforeNewSession(const aUrlPath: string; aRequest: THttpRequest; out vCanCreate: Boolean);
begin
  vCanCreate := false;
end;

Hi Daniel,

I think you are trying to use this event to actually block some user from starting a session and, at the same time, provide some feedback, right? I have to give it a thought. When you don't allow a session creation IW will return HTTP status code 404, not 200.
In order to provide a page containing error information you would have to have full access to a response object. Not sure if it is possible without a few changes....
I'd be happy with just the response code and text, not the full Response object. Not hugely important, but it would be nice to have.
what if you "redirect" the user to a specific HTML response page ?
you can create it on-the-fly with a desired content (with what you want to tell the user).
(04-13-2018, 03:52 PM)EitanArbel Wrote: [ -> ]what if you "redirect" the user to a specific HTML response page ?
you can create it on-the-fly with a desired content (with what you want to tell the user).

When Daniel posted I tried to look into some of that as well.  He didn't say, but I assume he is trying to decrease the weight of his inbound filters to avoid creating a session at all, instead of killing the session when found to be unnecessary.  Good plan.

When I started digging around in the existing redirect code (what I found in a quick look anyway), it lived in the session object... which won't be there.  I poked on it anyway and, as expected, it failed.  There may be other options I don't know about.  Most likely Daniel already tried those things but I thought I might accidentally learn something by looking.

Dan