Before a user can work with the Application Server, he has to perform a login process. This process consists of authenticating against the system and creating a new user session. Login succeeds only if the authentication succeeds and a session can be created.
After a user has finished working with the system, he should log out of the Application Server. Logging out closes the user session that was created during login.