CommunityForgeAssets listConcurrent Session Control
concurrent-session-control
Service icon

Concurrent Session Control

Stable version 1.0.0 (Compatible with OutSystems 11)
Uploaded
 on 2 Jul (2 days ago)
 by 
0.0
 (0 ratings)
concurrent-session-control

Concurrent Session Control

Documentation
1.0.0

📘 Concurrent Session Control Setup Guide

This document outlines the steps required to configure Concurrent Session Control in an OutSystems Reactive Web Application. The goal is to ensure that each user maintains only one active session by issuing and validating session tokens.

✅ Prerequisites

  • You have a module that includes or consumes the ConcurrentSessionControl logic.

  • A server action named GenerateUserTokenWithSingleSession and a client action ValidateUserToken are already available.

🔧 Step 1: Create a Client Variable to Store the Token

  1. In Interface > Client Variables, create a new variable:

    • Name: UserToken

    • Data Type: Text

    • Description: Used to store the current authenticated user's token.



🔐 Step 2: Modify the Login Logic to Generate and Store Token

  1. Open your DoLogin logic or the client/server action that performs user login.

  2. After the user is successfully authenticated, call the server action:

    • GenerateUserTokenWithSingleSession

  3. Set the output token from this action to the UserToken client variable.

  4. Example assignment:

    outsystem
    Set UserToken = GenerateUserTokenWithSingleSession.Token

🛡️ Step 3: Create a Client Action to Validate the Token

  1. Add a new Client Action named ValidateUserToken.

  2. Inside this action:

    • Use the server action ValidateUserToken from the ConcurrentSessionControl module.

    • Pass the UserToken as input.

  3. Handle the response:

    • If IsValid = False, display a message to the user:

      “Another session has been started using your account. You will now be signed out.”

    • Redirect the user to the logout screen.

🧭 Step 4: Validate Token on App Startup

System Event: On Application Ready

  1. Navigate to Logic tab.

  2. Right-click on the Client Actions folder.

  3. Select Add System Event > On Application Ready.

  4. Inside the On Application Ready logic:

    • Check if UserToken is not empty.

    • If not empty, run a timer to continuously validate the token every 10 seconds using JavaScript.

javascrip
var delayInMilliseconds = 1000; // 1 second
setInterval(function() {
    $actions.ValidateUserToken();
}, 10 * delayInMilliseconds); // Adjust interval as needed

🧠 Internal Logic of GenerateUserTokenWithSingleSession

  • Check if a session exists in ExclusiveUserSession for the current user:

    • If exists → update the token and timestamp.

    • If not → create a new record.

  • Fields:

    • TokenGenerationDateTime = CurrDateTime()

    • TokenExpirationDateTime = CurrDateTime() + MinutesToAdd(UserTokenValidityDurationMinutes)

UserTokenValidityDurationMinutes is a Site Property that controls the lifetime of the token. You can update this property from Service Center or at design time.

🎯 Summary

FeatureImplementation
Single Active SessionGenerateUserTokenWithSingleSession
Token ValidationValidateUserToken + scheduled check
Expiry ConfigurationUserTokenValidityDurationMinutes (Site Property)
User Notification & RedirectOn invalid token → show message & redirect to logout