Change the Session logged In User ID

Change the Session logged In User ID

  

Dears, 

I'm Developing a task which is to make proxy login, ex: A man login as his father or his wife and vise versa

The first idea came to me is to change the the session user Id because all the modules was developed with the GetUserId() system function which returns the logged In user Id that is saved in the login session state.

So is it available to change the current user Id in the runtime or it is managed by OutSystems ?! and if no please help me finding a solution. help will be very appreciated. 


Thanks
Best Regards,

Al Mokadem

Hi Mohamed,

Take a look at action User_Logout, User_Login from Users module and Login from System. I think it can help you.

Regards,
Samuel

Hello Mohamed.

Use the Login action from System module to change the UserId of the logged in user. This action only requires a UserId, though, so your application will need to make sure that the current user has rights to impersonate the new user.

The User_Logout and User_Login, as suggested, would also work, but they require the username and password of the new user. On most impersonation use cases the password of the new user is not given.

Hi Samuel and Leonardo, 

Firstly thanks for your reply. 

The problem is I want to Impersonate without using the logout/login server action because He will not be allowed to use the username and password. It will be a request for the admins and if admins agrees so his proxy will be able to login with his own username and password but on behave of his (see his proxy's data).


so from here I came with the idea of changing the login session ID it self when the users chooses to login as his proxy 


Mohamed, you need to use the Login action from System module. This action only receives the UserId as a parameter, and will change the UserId stored in the session.

Hi Mohamed,

Technically, Leonardo's solution works perfectly.

However, you need to be careful here, as you probably don't want to loose track of who actually logged in... one thing is doing something on behalf of someone else, another is being that someone else. If you just switch the logged-in user and nothing else, there will be no traceability on who did what in your system (you loose all info on who is impersonating him/her). This seems like a terrible risk...

Hi Mohamed, 


As @Jorge Martins said it's a risk to force a logging action and change the userId Session because you will loose the track of who actually is logged in. 

I am new to the community but i hope i can help in some way !

What i did in a previous project was creating another session, let's say Session.ImpUserId, and i kept the same validates as you have using GetUserId()  but i added one "if statement" before, where it checked if the Session.ImpUserId was empty. 

So if the Session.ImpUserId was empty it means that there where no Impersonations. Basicly , something like :

IF(Session.ImpUserId  <> null, Session.ImpUserId, GetUserId())


I assigned the value on the Impersonate action and i had one button on the top of the screen, which was only visible when Session.ImpUserId was not null to "turn off" the Impersonation (set it to null basically) .


Edit: With this solution you will keep the track of who really is logged in by not changing the UserId Session Value.


EDIT V_2: Another possible solution,which leads to the same result, is creating a Session.LoggedInUser and assign it the value of the current logged in user before you Impersonate. This solution will allow you to not change the current validations you have based on GetUserId() and still keep tracking of  who actually logged in.


Best regards,

Diogo Romero


Hello All, 

  I really appreciate the replies it was very helpful, Your advice comes true for the tracking who logged in and who did what on the same is a thing I don't want to loose. 

I will take Romeos Idea as a solution it will reflect too much effort because the systems is already up and running and we have used the get GetUserId() more thank 700 times but looks like a final decision. 

Thank you all again, keep the community up and running.

Cheers 

Mohamed Al Mokadem