The psSession object allows you to keep track of user login information and other data that you want to make available to all the pages in your Web application during a user’s browser session. The psSession object also keeps track of user activity so that a user's session can be terminated if it becomes inactive.
The actual behavior of the session object depends on its implementation on each application server, but typically a session object is instantiated only if you try to access it. Session variables are properties of the psSession object. You create properties as you need them simply by setting them in a server script. For complete information about session objects, see the documentation for your application server.
The psSession object handles the lifespan of the session as well as session variables. When the user does not access the server for a specified number of minutes, the session times out. If you use the psSession object to manage user login information, the login information disappears when the user is inactive for the specified amount of time.
Ending a session One way to implement a timeout is by destroying the psSession object on the application server so that the psSession object and its properties no longer exist until you set new properties. If you query a property after the session ends, the GetValue method on the session object returns null. Pages that rely on shared information must handle the disappearance of that information. If your page gets values of psSession properties, your code should check for null and handle the situation of an expired session.
Changing the length of a session You can change the length of a session either in the server configuration or dynamically in a script. The server's own session object stores the session length in its timeout property. You can change the lifespan of a session by:
Setting the server’s timeout property using a psSession object
Writing code that uses the correct property name for the server
Writing conditional code tailored to each server you want to support
You create a session variable with the SetValue method. This method creates the variable, if necessary, and sets the variable's value. If the psSession object does not exist, calling this method instantiates it. Creating the psSession object triggers timeout management.
Example: creating a session variable This script sets the value of the userid and password session variables:
psSession.SetValue("Userid", "jdoe"); psSession.SetValue("password", "mydogsname");
For a Web site target, you can also set the timeout property in server script, but the case-sensitive code you use depends on your deployment platform.
Example: specifying the application server This code uses the ObjectModelType method to determine the current application server and sets the timeout property as named on that server:
if (psServer.ObjectModelType() == "ASP")
{
psSession.SetValue("Timeout", 30);
}
else if (psServer.ObjectModelType() == "JSPObject")
{
psSession.SetValue("timeOut", 30);
}
For a JSP target, the server timeout value is set in the web.xml file for the target. You can modify this on the JSP Options page of the Deployment Configuration Properties dialog box for the target. To change the timeout dynamically in a JSP session, you can call the setMaxInactiveInterval method on the session object:
session.setMaxInactiveInterval(1800);
The web.xml value for the session timeout is in minutes, whereas the value for the argument used by the setMaxInterval method is in seconds.
The GetValue method gets a value from a property of the psSession object. If the property does not exist, GetValue returns null. The property does not exist if the session has timed out.
Example: getting a session variable This code gets the user's ID. If the ID does not exist, the user is redirected to the login.htm page.
In a real application, you would want to explain to the user what happened.
curruser = psSession.GetValue("Userid");
if (curruser == null)
{
psDocument.Redirect("login.htm");
}
