Session / WebApplication

Session / WebApplication

Working with WebApplicationAccessing TIWApplication instance

WebApplication Property of the Form:

In any event or method of your forms you can simply use WebApplication which will reference the form’s WebApplication property. This will meet the requirements in nearly all cases. However some notable exceptions where this property is not accessible are global procedures, TFrames, data modules and non IntraWeb classes.

WebApplication Property of a Control:

The base IntraWeb control also contains a WebApplication property that can be used when writing custom controls.

WebApplication Property of UserSession:

From IntraWeb version 14.0.13, UserSession also contains a WebApplication property. You must check this property for nil value before using it.

WebApplication ThreadVar:

In code that is not contained inside of an IntraWeb form or component, the threadvar version can be accessed: you can do it using the GGetWebApplicationThreadVar, which is defined in the unit IWApplication. Ex: GGetWebApplicationThreadVar.PropertyName. This is especially useful in global procedures.

Lifetime of TIWApplication instance

A users session is automatically managed by IntaWeb. When a new session is started IntaWeb will create a new instance of a TIWApplication for the user and track it automatically. It can then be used to acquire information about the user, control the users
session, or store additional information. No management on the developers part is required to implement session management, or to track the user.

A session exists until it is manually terminated by calling one of TIWApplication’s terminate methods, or a timeout occurs. If a user does not access the application within a given time period, initially defined by ServerController.SessionTimeout property, the user’s
session will be destroyed by a background thread. The default timeout period is 10 minutes, but can be adjusted by changing the SessionTimeout property in the applications ServerController.

Notes:

  1. To store session related variables, create members of the TUserSession class.
  2. Do not work with variables declared in the var section, as these are global to all threads and won’t reflect session data properly.

Implementation

Sessions are managed automatically by IntaWeb application. Sessions are stored in memory on the server and therefore are secure from users who may attempt to modify the session data. IntraWeb uses HTTP cookies to manage session tracking, so cookies must be enabled in user’s browser.

Each session is assigned a unique session ID that is used to identify the session. The session ID is constructed in a secure manner so that session IDs are not predictable and thus prone to hacking. In addition each session is tied to the users browser and if another browser is detected attempting to use the same session an error will be returned.

See also

TIWApplication class reference