Hi,
I am working on the Java stack of OutSystems version 9.0.0. I have a requirement where a user should be able to log in from one machine at a time. It means that if a user has logged in from one machine and tries to log in from another machine (or a different browser on the same machine), the system should prompt the user to log out of the previous session in order to log in again.

Is this achievable in OutSystems? If so, how? For this I want to understand session management in OutSystems.

Thanks,
Thiru
Facing the same situation; is there any update on this issue?

Regards,
Hakim.

Yes, I have managed to check if a user already has another session on the .NET/IIS stack with a SQL database.

Of course, the user needs to be logged in, before you can check this.

In short:

- Sessions are stored in a separate database (osSession in my case)
- Create a Database connection to this database (preferably with a read only user)
- In IntegrationStudio create a mapping to two of the three tables: ASPStateTempSessions and ASPStateTempSessionExtVars
- In your application set the dependencies to be able to use these tables
- Create a query joining these two tables based on the session id
- Filter on:
      - ASPStateTempSessionExtVars.UserId being the Session.UserId
      - ASPStateTempSessionExtVars.Cookie being the Session Id you can get with HTTPRequestHandler.GetSessionId (a bit strange, but the session id in the tables has some extra characters)
      - ASPStateTempSessions.ExpirationDateTime > CurrDateTime()

This did the trick for me.

Another approach is to use the GetSessionId function from the HttpRequestHandler extension and a local table in your application to save the SessionId and UserId. Inside the On Session Start event, check for an active session for the user who is logging in and kill this session in your control table. On the Begin Web Request event, check that your session still exists in this table; if not, abort the request and proceed with Logout. I believe that you don't need any kind of control, because the session may not need to remain in this table: the next logon deletes the old session and inserts the new one. That way you avoid working directly with the system tables and do not run the risk of future incompatibilities due to system updates. Mapping directly to the system tables is not supported and is not advisable.

Alexandre Costa wrote:

Another approach is to use the GetSessionId function from the HttpRequestHandler extension and a local table in your application to save the SessionId and UserId. Inside the On Session Start event, check for an active session for the user who is logging in and kill this session in your control table. On the Begin Web Request event, check that your session still exists in this table; if not, abort the request and proceed with Logout. I believe that you don't need any kind of control, because the session may not need to remain in this table: the next logon deletes the old session and inserts the new one. That way you avoid working directly with the system tables and do not run the risk of future incompatibilities due to system updates. Mapping directly to the system tables is not supported and is not advisable.

Hi Alexandre, did you get to implement this solution? I'm concerned with the performance of the application if for each web request we need to perform a query to a table and act on its response.

Any thoughts?


Jan Klabbers wrote:

Yes, I have managed to check if a user already has another session on the .NET/IIS stack with a SQL database.

Of course, the user needs to be logged in, before you can check this.

In short:

- Sessions are stored in a separate database (osSession in my case)
- Create a Database connection to this database (preferably with a read only user)
- In IntegrationStudio create a mapping to two of the three tables: ASPStateTempSessions and ASPStateTempSessionExtVars
- In your application set the dependencies to be able to use these tables
- Create a query joining these two tables based on the session id
- Filter on:
      - ASPStateTempSessionExtVars.UserId being the Session.UserId
      - ASPStateTempSessionExtVars.Cookie being the Session Id you can get with HTTPRequestHandler.GetSessionId (a bit strange, but the session id in the tables has some extra characters)
      - ASPStateTempSessions.ExpirationDateTime > CurrDateTime()

This did the trick for me.

I have also done this and it also did the trick for me. But I understand the concerns of Alexandre. About the concerns on the performance of Alexandre's solution, it depends on the number of users and the number of requests made by them. But I'm guessing that if you set up a cleaning timer and you don't have too many users handling the system at the same time, you'll never have enough records in that table to cause you problems.

Br

Hugo Rodrigues wrote:

Alexandre Costa wrote:

Another approach is to use the GetSessionId function from the HttpRequestHandler extension and a local table in your application to save the SessionId and UserId. Inside the On Session Start event, check for an active session for the user who is logging in and kill this session in your control table. On the Begin Web Request event, check that your session still exists in this table; if not, abort the request and proceed with Logout. I believe that you don't need any kind of control, because the session may not need to remain in this table: the next logon deletes the old session and inserts the new one. That way you avoid working directly with the system tables and do not run the risk of future incompatibilities due to system updates. Mapping directly to the system tables is not supported and is not advisable.

Hi Alexandre, did you get to implement this solution? I'm concerned with the performance of the application if for each web request we need to perform a query to a table and act on its response.

Any thoughts?


Hi Hugo, yes, I implemented it. It all depends on your requirements; in my case I used a cache (5 minutes) to lessen the impact, and I have created a table to control. Besides this, I implemented a cache invalidation mechanism for the specific situations that I have.

Of course, we need to take care when doing things inside the On Begin Web Request event, but normally all requests access the database to do things.

I hope this helps.
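
Added example, not part of the thread and not any poster's code: a Python model of the control-table approach with the 5-minute cache discussed above, showing what happens to the single-session guarantee when a new logon does not invalidate the cached entry. The `ActiveSession` table, the class and method names, the injectable clock and the session ids are all assumptions made for illustration; in OutSystems the two hooks would be the logon flow and the On Begin Web Request event.

```python
import sqlite3

CACHE_TTL = 300  # seconds; the 5-minute cache mentioned in the thread


class SingleSessionGuard:
    """Control table with one row per user: the only session id allowed."""

    def __init__(self, clock):
        self.clock = clock  # injectable time source (assumption, for testing)
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE ActiveSession ("
            "UserId INTEGER PRIMARY KEY, SessionId TEXT NOT NULL)")
        self.cache = {}    # UserId -> (SessionId, time fetched)
        self.queries = 0   # database reads, to show what the cache saves

    def on_login(self, user_id, session_id, invalidate_cache=True):
        # The new logon replaces the previous session's row.
        self.db.execute("INSERT OR REPLACE INTO ActiveSession VALUES (?, ?)",
                        (user_id, session_id))
        if invalidate_cache:
            self.cache.pop(user_id, None)

    def _allowed_session(self, user_id):
        hit = self.cache.get(user_id)
        if hit and self.clock() - hit[1] < CACHE_TTL:
            return hit[0]
        self.queries += 1
        row = self.db.execute(
            "SELECT SessionId FROM ActiveSession WHERE UserId = ?",
            (user_id,)).fetchone()
        allowed = row[0] if row else None
        self.cache[user_id] = (allowed, self.clock())
        return allowed

    def on_begin_request(self, user_id, session_id):
        """True: serve the request. False: abort it and log the session out."""
        return self._allowed_session(user_id) == session_id


def demo():
    now = [0]
    guard = SingleSessionGuard(lambda: now[0])
    guard.on_login(7, "sess-A")  # constructed user id and session ids
    first = [guard.on_begin_request(7, "sess-A") for _ in range(3)]
    guard.on_login(7, "sess-B", invalidate_cache=False)
    stale = (guard.on_begin_request(7, "sess-A"),
             guard.on_begin_request(7, "sess-B"))
    now[0] += CACHE_TTL  # the cached entry expires
    fresh = (guard.on_begin_request(7, "sess-A"),
             guard.on_begin_request(7, "sess-B"))
    return first, guard.queries, stale, fresh
```

Without invalidation, the displaced session keeps passing the check and the new session is rejected until the cached entry expires; with the default `invalidate_cache=True` the switch takes effect on the next request. On a multi-node deployment the cache is per node, so invalidation has to reach every front end.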