Page History
...
The following is an example of a typical WAM which a manages a session:
FUNCTION OPTIONS FUNCTION OPTIONS(*DIRECT)
BEGIN_COM ROLECOM ROLE(*EXTENDS #PRIMEXTENDS #PRIM_WAM) SESSIONSTATUS SESSIONSTATUS(Active) SESSIONTIMEOUT SESSIONTIMEOUT(300)
*The following line declares Session state #CUSTNAME field
WEB_MAP FOR
*The following line declares Session state #CUSTNAME field
WEB_MAP FOR(*NONE) FIELDS FIELDS(#CUSTNAME) OPTIONS OPTIONS(*PERSIST)
WEBROUTINE NAME
WEBROUTINE NAME(Start) DESC DESC('Initial PageInitial Page') OnEntry OnEntry(*SessionStatus_None)
WEB_MAP FORMAP FOR(*OUTPUT) FIELDS(#USERID #PASSWORD FIELDS(#USERID #PASSWORD)
ENDROUTINE
WEBROUTINE NAME
WEBROUTINE NAME(Logon) DESC DESC('Logon PageLogon Page') OnEntry OnEntry(*SessionStatus_None)
WEB_MAP FORMAP FOR(*INPUT) FIELDS(#USERID #PASSWORD FIELDS(#USERID #PASSWORD)
…
* Some authentication logic, if authentication fails can TRANSFER back to Start page * Some authentication logic, if authentication fails can TRANSFER back to Start page
* The following line will create a session, when WEBROUTINE exits
* The following line will create a session, when WEBROUTINE exits
#COM_SELF.SessionStatus SessionStatus := Active Active
TRANSFER TOROUTINE
TRANSFER TOROUTINE(WelcomePage)
ENDROUTINE
WEBROUTINE NAME
WEBROUTINE NAME(WelcomePage) DESC DESC('Welcome PageWelcome Page')
ENDROUTINE
WEBROUTINE NAME
WEBROUTINE NAME(Logoff) DESC DESC('Logoff pageLogoff page')
#COM_SELF.SessionStatus SessionStatus := Invalid Invalid
ENDROUTINE
* The following event handler will handle invalid sessions and
* TRANSFER back to starting page, for logon
EVTROUTINE HANDLING
* The following event handler will handle invalid sessions and
* TRANSFER back to starting page, for logon
EVTROUTINE HANDLING(#COM_OWNER.SessionInvalid) OPTIONS OPTIONS(*NOCLEARMESSAGES NOCLEARMESSAGES *NOCLEARERRORS)
TRANSFER TOROUTINE TRANSFER TOROUTINE(Start)
ENDROUTINE
END_COM
- SessionStatus is set to Active. By default ,WEBROUTINEs in this WAM require a session to be valid before they are executed. SessionTimeout is 5 minutes.
- Two WEBROUTINEs, Start and Logon, override SessionStatus to None, by using OnEntry(*SessionStatus_None) keyword. The Start WEBROUTINE presents a page requesting logon details. Since this is an initial page, it must be executed whether there is a valid session or not. Hence, a SessionStatus of None.
- Logon WEBROUTINE is invoked from a Start page, when a button to logon is pressed. At this point, there is still no valid session so this WEBROUTINE must also be allowed to execute without a session.
- Logon validates the user id and password and, if valid, sets SessionStatus to Active. Setting SessionStatus from None to Active will create a new session when Logon WEBROUTINE exits.
- Logon WEBROUTINE performs a TRANSFER to WelcomPage WEBROUTINE. We now have an Active session, so WelcomePage is allowed to execute (it requires an Active session). When WelcomePage exits, a session key for the new session is passed back to the browser. This session key will be returned from now on for every new WEBROUTINE request from the same browser and allows the server to identify the session.
- There is also a SessionInvalid handler which simply TRANSFERs to Start page. This handler is invoked whenever there is an attempt to invoke a WEBROUTINE with a non-existent or invalid session key or when a valid session key is provided but the session has expired (no requests for more than 5 minutes). When a session is invalid or expired, a Start page requesting user id and password is always displayed in the browser.
- You can also provide a Logout button or menu in your WAM application so the session is explicitly invalidated. In such circumstances, the button invokes a Logoff WEBROUTINE, which sets SessionStatus to Invalid and invalidates the session on WEBROUTINE exit.