
When a user interacts with the Application Server through a client application such as the Smart Client, they do so in the context of a user session. A user session is created during the login process.

A single user can have more than one user session at a time (e.g. when accessing the system from different clients). User sessions can be open or closed. Only open user sessions can be used to access the Application Server; closed user sessions are kept on the Application Server for traceability reasons only. Every request to the Application Server (except requests needed during login and some general information gathering requests) must refer to an open user session to be answered by the Application Server.

Open user sessions can be in different states, depending on the timestamp of their last use for a request to the Application Server. See chapter User session expiration for more details.

All open user sessions will be closed when the Application Server restarts. If the Application Server is not shut down cleanly (e.g. due to a power shortage) user sessions that still seem to be open on startup of the Application Server will be closed at that point in time.

The Application Server records several parameters for each user session. See table 2 for details.

 

| Logged datum | Description |
| --- | --- |
| Session ID | Each user session gets a unique numerical ID. |
| Session user | The system user that is linked to this session. |
| Session token | Unique identifier for the session. The system uses a Global Unique Identifier (GUID). This token is subsequently used for connecting requests to the Application Server with a specific user session. |
| Session start | Timestamp when the session was created. |
| Session end | Timestamp when the session was closed (written when a session is closed). |
| Session end reason | The reason why a session was ended. Can be one of the following reasons: |
| | - User request: User or user's client software requested the logout from the Application Server. |
| | - Session timeout: The user session's maximum idle time was exceeded and the session was therefore closed. |
| | - Forced session close: A user session was forcefully closed by another user. |
| | - Server restart: A user session was open when the Application Server was shut down. On restart the server cleans the user sessions still marked as open. |
| | - Unknown: Session was closed due to an unknown reason. |
| Session last used | Timestamp when the session was last used for querying the Application Server. This timestamp is updated in memory whenever a client requests something from the Application Server. On closing of the session the value is persisted. |
| Client information | Additional information that can be provided by the client: |
| | - Client name: String that identifies the client software |
| | - Version: Version of the client software |
| Time offset | The time offset of the client given relative to UTC in minutes. This is used to compute date time values according to the client's time offset. |
| Allowed session idle time | The time (in seconds) that the session is allowed to be idle, before it is considered an expired session. |
| Authentication attempt ID | The authentication attempt that was used when a user session was created. |

Table 1: Details logged for each user session
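The following is an added example, not code from the product or its vendor, showing how session records with the fields listed in the table could be reviewed for security-relevant conditions: open sessions past their allowed idle time, sessions ended with the reasons "Forced session close" or "Unknown", and users with several open sessions at once. The record layout, attribute names, the "Other Client" name and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class Session:  # hypothetical layout mirroring the logged fields; not the product's schema
    session_id: int
    user: str
    start: datetime                  # UTC
    last_used: datetime              # UTC
    allowed_idle_s: int              # allowed session idle time, in seconds
    client_name: str
    time_offset_min: int             # client offset relative to UTC, in minutes
    end: Optional[datetime] = None   # None while the session is open
    end_reason: Optional[str] = None

REVIEW_REASONS = {"Forced session close", "Unknown"}  # end reasons worth a second look

def is_expired(s, now):
    """True for an open session idle longer than its allowed idle time."""
    return s.end is None and now - s.last_used > timedelta(seconds=s.allowed_idle_s)

def client_local(s, ts):
    """Convert a UTC timestamp to the client's local time via the recorded offset."""
    return ts.astimezone(timezone(timedelta(minutes=s.time_offset_min)))

def review(sessions, now):
    findings, open_by_user = [], defaultdict(list)
    for s in sessions:
        if s.end is None:
            open_by_user[s.user].append(s)
            if is_expired(s, now):
                findings.append((s.session_id, "open but past allowed idle time"))
        elif s.end_reason in REVIEW_REASONS:
            findings.append((s.session_id, f"ended: {s.end_reason}"))
    for user, opened in open_by_user.items():
        if len(opened) > 1:  # one user, several open sessions (e.g. different clients)
            clients = sorted({s.client_name for s in opened})
            findings.append((user, f"{len(opened)} open sessions, clients: {clients}"))
    return findings

# Constructed sample records (not real data)
NOW = datetime(2021, 3, 1, 12, 0, tzinfo=timezone.utc)
ago = lambda minutes: NOW - timedelta(minutes=minutes)
SAMPLE = [
    Session(1, "alice", ago(120), ago(5), 1800, "Smart Client", 60),
    Session(2, "alice", ago(180), ago(60), 1800, "Other Client", 60),
    Session(3, "bob", ago(300), ago(240), 1800, "Smart Client", 0, ago(240), "Forced session close"),
    Session(4, "carol", ago(90), ago(30), 1800, "Smart Client", 0, ago(30), "User request"),
]
```

Because the last-used timestamp is updated in memory and persisted on closing of the session, a value read from storage for a still-open session may be older than the one the server holds in memory.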

© 2021 AFRY Austria GmbH, www.redbex.com