Session control

  
Hello.

What's the better and safer way of controling the session behavior, e.g., if it is active or not?

Tnahks in advance.
Cheers

Hugo Laibaças
Direcção-Geral do Orçamento
Hi Hugo,

Exactly what are you trying to control, and for what purposes or scenarios?

Regards,

Paulo Tavares

Hi Paulo,

I started to work with the Agile Platform a few weeks ago. I'm getting some experience, but there are things that I don't understand quite well ;-)

When a user Login in a application, some session variables are setted (e.g, username, userid, etc.). First, I want to control the pages access, checking if a valid username is setted, for example. If there is no valid username, the application should redirect the user to an error screen or a login page, right? How to best implement that?
On the other hand, when a user exit the application (Logout), how do you clean the session? Resetting all session variables? I've noticed that theres a built-in action called Logout. Is this the action that should be associated to the logout option link? What happens after?

Light me, please :-)

Best regards,
Hugo Laibaças
Hi Hugo,

Check this video.

Regards,
João Rosado
Hi Hugo,

No problem - if everyone knew everything, there'd be no use for the forums, right? :) I'll comment on what you said, and hopefully it will become clearer.

When a user Login in a application, some session variables are setted (e.g, username, userid, etc.). First, I want to control the pages access, checking if a valid username is setted, for example. If there is no valid username, the application should redirect the user to an error screen or a login page, right? How to best implement that?

You are right: when the user logs in to an application, that information is indeed set. However, if you want to make sure that certain screens require the user to be logged in, you just have to set those screens to NOT allow Anonymous users to access it. You can actually set this when click the screen, its properties have a Permissions setting. You just have to uncheck the "Anonymous" one.

Now, if that by its own doesn't work, what you have to do is set an Error Handler at the web flow level, trapping the "Not Registered" Exception, and directing it to the Login page.

I know it's pretty summarized, but it should at least give you an overview of how it should be done.

On the other hand, when a user exit the application (Logout), how do you clean the session? Resetting all session variables? I've noticed that theres a built-in action called Logout. Is this the action that should be associated to the logout option link? What happens after?


The Logout action does indeed clear the UserId and UserName session variables, at least. If you want to explicitely clear more cariables, you should create your own Logout action that clears the variables you want, and then invokes the Agile Platform's logout action.

Let us know if this helps, and how it goes! And if you need any more specific help, don't hesitate to share your eSpace or screenshots of specific questions you have!

Regards,

Paulo Tavares