Hi. Is there is a way to get the user id based on the ASP.Net Session Id?
The reason for this question is this:
I have a web application that will use the platform's session model. On some web screens, I would like to make a manual XHR call to a REST API endpoint from the same eSpace. I do not intend to use screen actions. However, doing so means I will not be able to get the user id from my REST API. But I know that I can still get the session id by getting the ASP.Net_SessionId cookie. If I'm not wrong, this session id should help determine if the user has already logged into the application.
So basically, I want to leverage on this session Id instead of having to implement my own token authorization for my REST API endpoints.
I am open to other suggestions of how to get user id from the REST call.
Hi Enriel,
This is a very interesting question, and I spent some time writing a long winded post about sessions and the inner data model OutSystems uses to keep track of session data. I was pretty sure it wasn't possible, so I tried to think of ways to keep track of the relationship between session id and User id since I believe it's no longer explicitly exposed by the platform.
Then I looked into the PlatformRuntime_API extension and there's an action that does all of that...
I tested it out and Session_GetWebAppLoginInfo returns a UserId if you access a REST method from a screen while logged in, which sounds like what you need. I can't find any documentation on it so I'm not absolutely sure it will work in your manual XHR scenario.
Afonso Carvalho wrote:
Hi Afonso,
Yes this is exactly what I needed! I have tested this with my current implementation and it works. Many thanks!
Out of curiosity, is there a way to access the session variables by the user id or session id?
No problem Enriel. Glad to know you got it sorted out!
Reading your question, I might still get some use of what I wrote before finding the right API. This is a good primer on the way OutSystems internally manages session data, but it was written in 2015 and I believe some things are no longer up to date.
From what I gather, there's no API to do this. Session data can be managed programatically, but there appears to be no way to select arbitrary session data from a specific user. Going by that thread, there's some interesting tables like ASPSTATETEMPSESSIONS:
But again, no clear way to link this to an actual User id. Going by a few old threads, it appears possible to gleam actual session variables from ASPSTATETEMPSESSIONSEXTVARS, but I can't make sense of the data. I suspect it's suffered some changes since 2015 and it's no longer that simple. Here's a query example if you're curious and want to look into it:
That would be useful. Thanks for the info.
Hi,
I am trying to use call "Session_GetWebAppLoginInfo" from both REST method (I am intend to use it for REST authentication) and a client action (via a screen). But always get a "0" value back under userid output param. I have logged in to application.
May I know what could be wrong?
Appreciate if anyone could share a working oml so I can compare it to see what I have done wrong.
I have tested in both Platform 11.9.1 (on-prem) and 11.13.0 (personal environment). Both have same result too.
Thanks.Regards,Soon
Hello Soon,
Sorry, I wasn't notified of a new reply to this thread.
Are you using a Traditional Web App or is it Mobile/Reactive? I believe the method will only work for Traditional apps, and I'm not certain about Reactive. I remember it worked as expected when I tested it for Enriel's question. If you're still testing this, I can try and share a module later today.
No worry and thanks for your reply.
It is in Reactive Web App and I have put on hold the testing and focus on other stuff.Appreciate if you can assist to provide me an working version in Reactive App.
Thanks!
Regards,Soon
I've tested this and I can confirm your results Soon - Session_GetWebAppLoginInfo returns 0 as the User Id in a Reactive app, but I guess this is to be expected, since there's a mobile version of the Action. It stands to reason that these Actions must be built for each specific application architecture. Out of curiosity, I did try Session_GetMobileAppLoginInfo to see what the behaviour would be, but it causes the REST service to return a 500 HTTP error.
Thanks for confirming that.My use cases are pretty similar to Enriel.
We have just upgrade from v8 to v11 and trying to implement all new application with Reactive now. Will think about Traditional Web App approach or may just calling Server Action from different eSpace.