TRtcDataServer Sessions

[hannesgw]

Is there a simple way to create a new session ID, to replace the old one?

- New visitor gets a session
- Visitor logs in and gets a new session ID as a protection (like in php session_regenerate_id)
   and that the old session (ID) has expired
 

[D.Tkalcec (RTC)]

You can use the "CloseSession" method from the "TRtcDataServer" component to close any "old" Session by providing a SessionID. To open a new Session, use the "OpenSession" method. After using the "OpenSession" method, you will have access to the new Session through the "Session" property.

Here are a few FAQ topics related to Sessions:
1. What is a Session in RTC?
2. Is Session Management done automatically by the RTC?
3. Sessions and User Management
4. Using Sessions in Remote Functions
5. Web example using Sessions, Cookies and Form Post data (user input)

Best Regards,
Danijel Tkalcec

[hannesgw]

thanks for your answer

if I use AutoSessions in Remote Functions can i also use Session.FinalExpire
or when are sessions closed (and free) .. on disconnect?

[D.Tkalcec (RTC)]

Even if you use AutoSessions=True, you still have the option to force-close a Session by using the SessionClose method.

Sessions live outside of the concept of physical connections, which means that a Session will survive even if a connection is being opened and closed multiple times. Instead of being linked directly to a physical connection, Sessions have an expected "time to live", which you should set by using the "AutoSessionsLive" property when using  "AutoSessions=True".

Best Regards,
Danijel Tkalcec

[hannesgw]

Hi i've 2 TRtcDataProvider on a TDataModule linked to same TRtcHttpServer.
each TRtcDataProvider get an own session id, how can i fix that every DataProvider use same session?

dpTest: TRtcDataProvider;
dpDemo: TRtcDataProvider;

procedure TDataModule.OndpTestCheckRequest(Sender: TRtcConnection);
begin
  with TRtcDataServer(Sender) do
    if UpperCase(Request.FileName)='/TEST' then
      Accept;
end;

procedure TDataModule.OndpDemoCheckRequest(Sender: TRtcConnection);
begin
  with TRtcDataServer(Sender) do
    if UpperCase(Request.FileName)='/DEMO' then
      Accept;
end;

procedure TDataModule.OndpTestDataReceived(Sender: TRtcConnection);
begin
 with TRtcDataServer(Sender) do
 begin
  if FindSession(Request.Cookie['Session']) = False then
  begin
    OpenSession(sesIPFwdLock);
    Session.FinalExpire := (Now + ((1 / 1440) * 120));
    Session.KeepAlive := 240;
    Response.Cookie['Session'] := Session.ID;   
    Write('Session created on dpTest');
  end
  else Write('Session exist on dpTest');
 end;
end;

procedure TDataModule.OndpDemoDataReceived(Sender: TRtcConnection);
begin
 with TRtcDataServer(Sender) do
 begin
  if FindSession(Request.Cookie['Session']) = False then
  begin
    OpenSession(sesIPFwdLock);
    Session.FinalExpire := (Now + ((1 / 1440) * 120));
    Session.KeepAlive := 240;
    Response.Cookie['Session'] := Session.ID;   
    Write('Session created on dpDemo');
  end
  else Write('Session exist on dpDemo');
 end;
end;

[D.Tkalcec (RTC)]

Every time you call OpenSession, a new Session will be created with a unique Session ID. That's all there is to Session creation. After that, you need to send that ID to the Client (for example - by using the Response Cookie headers, like you did in your example). Then, the Client is in control of that Session ID and the Client will be sending the Session ID to the Server. There is nothing you can do on the Server to control which Session ID will be sent from the Client. This has to be handled on the Client side.

Best Regards,
Danijel Tkalcec