4.3.8 Session States
A session can be in one of four states:
State |
Meaning |
Invalid |
The session key used to identify the session is not provided, or it does not match any session key the server knows about |
Expired |
The session key identifies a valid session, however the previous request from the same session has exceeded the SessionTimeout period. |
Active |
The session key identifies a known valid session and the last request from the same server was within the SessionTimeout period. |
None |
Used declaratively at design time to denote WEBROUTINEs that can execute without a valid session context. If SessionStatus is set to Active at WAM level, you must have at least one WEBROUTINE with OnEntry(*SessionStatus_None) keyword to allow entry to the WAM application to create a new session, via this WEBROUTINE. |
Conceptually invalid or expired sessions are treated the same. They are both session statuses that prevent execution of WEBROUTINEs that require a valid session context (i.e. WEBROUTINEs with a SessionStatus property set to Active).
A WAM is able to handle invalid or expired sessions by providing a SessionInvalid event handler. This handler can TRANSFER to another WEBROUTINE or perform some other action to handle invalid or expired sessions. SessionInvalid handler removes the need for every WEBROUTINE to perform checks to verify session (if your application requires one). All session checking is done at WAM level and the SessionInvalid event is triggered to allow the WAM to customize invalid session handling.
If a SessionInvalid handler is not provided, the standard WAM invalid session page is returned to the browser.
When a session has expired, session state is not deleted from the session database immediately. This technique is used to reduce load on the server at peak times. The Transaction Monitor performs periodic cleanup of expired session states. It is also possible to turn off periodic cleanup and schedule cleanup to be performed at designated off-peak times.