Session
Session objects are returned by the Session
command when scalable sessions are enabled in your project. The Session object is automatically created and maintained by the 4D web server to control the session of a web client (e.g. a browser). This object provides the web developer with an interface to the user session, allowing to manage privileges, store contextual data, share information between processes, and launch session-related preemptive processes.
For detailed information about the session implementation, please refer to the web server Sessions section.
Summary
.clearPrivileges() removes all the privileges associated to the session |
.expirationDate : Text the expiration date and time of the session cookie |
.hasPrivilege( privilege : Text ) : Boolean returns True if the privilege is associated to the session, and False otherwise |
.idleTimeout : Integer the inactivity session timeout (in minutes), after which the session is automatically closed by 4D |
.isGuest() : Boolean returns True if the session is a Guest session (i.e. it has no privileges) |
.setPrivileges( privilege : Text ) .setPrivileges( privileges : Collection ) .setPrivileges( settings : Object ) associates the privilege(s) and/or role(s) defined in the parameter to the session |
.storage : Object a shared object that can be used to store information available to all requests of the web client |
.userName : Text the user name associated to the session |
Session
History
Release | Changes |
---|---|
18 R6 | Added |
Session : 4D.Session
Parameter | Type | Description | |
---|---|---|---|
Result | 4D.Session | <- | Session object |
Description
The Session
command returns the Session
object corresponding to the current scalable user web session.
This command only works when scalable sessions are enabled. It returns Null when sessions are disabled or when legacy sessions are used.
When scalable sessions are enabled, the Session
object is available from any web processes in the following contexts:
On Web Authentication
,On Web Connection
, andOn REST Authentication
database methods,On Mobile App Authentication
andOn Mobile App Action
database methods for mobile requests,- ORDA Data Model Class functions called with REST requests,
- code processed through 4D tags in semi-dynamic pages (4DTEXT, 4DHTML, 4DEVAL, 4DSCRIPT/, 4DCODE)
- project methods with the "Available through 4D tags and URLs (4DACTION...)" attribute and called through 4DACTION/ urls.
Example
You have defined the action_Session
method with attribute "Available through 4D tags and URLs". You call the method by entering the following URL in your browser:
IP:port/4DACTION/action_Session
//action_Session method
Case of
:(Session#Null)
If(Session.hasPrivilege("WebAdmin")) //calling the hasPrivilege function
WEB SEND TEXT("4DACTION --> Session is WebAdmin")
Else
WEB SEND TEXT("4DACTION --> Session is not WebAdmin")
End if
Else
WEB SEND TEXT("4DACTION --> Sesion is null")
End case
.clearPrivileges()
History
Release | Changes |
---|---|
18 R6 | Added |
.clearPrivileges()
Parameter | Type | Description | |
---|---|---|---|
Does not require any parameters |
Description
The .clearPrivileges()
function removes all the privileges associated to the session. As a result, the session automatically becomes a Guest session.
Example
//Invalidate a session
var $isGuest : Boolean
Session.clearPrivileges()
$isGuest:=Session.isGuest() //$isGuest is True
.expirationDate
History
Release | Changes |
---|---|
18 R6 | Added |
.expirationDate : Text
Description
The .expirationDate
property contains the expiration date and time of the session cookie. The value is expressed as text in the ISO 8601 format: YYYY-MM-DDTHH:MM:SS.mmmZ
.
This property is read-only. It is automatically recomputed if the .idleTimeout
property value is modified.
Example
var $expiration : Text
$expiration:=Session.expirationDate //eg "2021-11-05T17:10:42Z"
.hasPrivilege()
History
Release | Changes |
---|---|
18 R6 | Added |
.hasPrivilege( privilege : Text ) : Boolean
Parameter | Type | Description | |
---|---|---|---|
privilege | Text | <- | Name of the privilege to verify |
Result | Boolean | <- | True if session has privilege, False otherwise |
Description
The .hasPrivilege()
function returns True if the privilege is associated to the session, and False otherwise.
Example
You want to check if the "WebAdmin" privilege is associated to the session:
If (Session.hasPrivilege("WebAdmin"))
//Access is granted, do nothing
Else
//Display an authentication page
End if
.idleTimeout
History
Release | Changes |
---|---|
18 R6 | Added |
.idleTimeout : Integer
Description
The .idleTimeout
property contains the inactivity session timeout (in minutes), after which the session is automatically closed by 4D.
If this property is not set, the default value is 60 (1h).
When this property is set, the .expirationDate
property is updated accordingly.
The value cannot be less than 60: if a lower value is set, the timeout is raised up to 60.
This property is read write.
Example
If (Session.isGuest())
// A Guest session will close after 60 minutes of inactivity
Session.idleTimeout:=60
Else
// Other sessions will close after 120 minutes of inactivity
Session.idleTimeout:=120
End if
.isGuest()
History
Release | Changes |
---|---|
18 R6 | Added |
.isGuest() : Boolean
Parameter | Type | Description | |
---|---|---|---|
Result | Boolean | <- | True if session is a Guest one, False otherwise |
Description
The .isGuest()
function returns True if the session is a Guest session (i.e. it has no privileges).
Example
In the On Web Connection
database method:
If (Session.isGuest())
//Do something for Guest user
End if
.setPrivileges()
History
Release | Changes |
---|---|
19 R8 | Support of "roles" Settings property |
18 R6 | Added |
.setPrivileges( privilege : Text )
.setPrivileges( privileges : Collection )
.setPrivileges( settings : Object )
Parameter | Type | Description | |
---|---|---|---|
privilege | Text | -> | Privilege name |
privileges | Collection | -> | Collection of privilege names |
settings | Object | -> | Object with a "privileges" property (string or collection) |
Description
The .setPrivileges()
function associates the privilege(s) and/or role(s) defined in the parameter to the session.
-
In the privilege parameter, pass a string containing a privilege name (or several comma-separated privilege names).
-
In the privileges parameter, pass a collection of strings containing privilege names.
-
In the settings parameter, pass an object containing the following properties:
Property | Type | Description |
---|---|---|
privileges | Text or Collection | |
roles | Text or Collection | |
userName | Text | User name to associate to the session (optional) |
Privileges and roles are defined in roles.json
file of the project. For more information, please refer to the Privileges section.
If the privileges
or roles
property contains a name that is not declared in the roles.json
file, it is ignored.
By default when no privilege or role is associated to the session, the session is a Guest session.
The userName
property is available at session object level (read-only).
Example
In a custom authentication method, you set the "WebAdmin" privilege to the user:
var $userOK : Boolean
... //Authenticate the user
If ($userOK) //The user has been approved
var $info : Object
$info:=New object()
$info.privileges:=New collection("WebAdmin")
Session.setPrivileges($info)
End if
.storage
History
Release | Changes |
---|---|
18 R6 | Added |
.storage : Object
Description
The .storage
property contains a shared object that can be used to store information available to all requests of the web client.
When a Session
object is created, the .storage
property is empty. Since it is a shared object, this property will be available in the Storage
object of the server.
Like the
Storage
object of the server, the.storage
property is always "single": adding a shared object or a shared collection to.storage
does not create a shared group.
This property is read only itself but it returns a read-write object.
Example
You want to store the client IP in the .storage
property. You can write in the On Web Authentication
database method:
If (Session.storage.clientIP=Null) //first access
Use (Session.storage)
Session.storage.clientIP:=New shared object("value"; $clientIP)
End use
End if
.userName
History
Release | Changes |
---|---|
18 R6 | Added |
.userName : Text
Description
The .userName
property contains the user name associated to the session. You can use it to identify the user within your code.
This property is an empty string by default. It can be set using the privileges
property of the setPrivileges()
function.
This property is read only.