Hello,
Just want to track user activity writing the session id on the requestlog data record could be a solution. But I found not way to do it with the REQUEST Object ?
The method that handles non-error loggin is wwServer::LogRequest
and you can override that in your server implementation to potentially capture additional data to log out although I'm not sure offhand how you'd gain access to the active Session object. You have access to this.oRequest
but not the active Process because that's actually gone by the time the logging happens. You'd have to store the SessionId somewhere to pick up during logging. Maybe add a property explicitly to the request object where ever the session gets initially set:
Something like this perhaps:
*** in your Process class
FUNCTION OnProcessInit()
THIS.InitSession()
this.oRequest.AddProperty("cSessionId",this.oSession.cSessionId)
...
ENDFUNC
+++ Rick ---
Thank you, yes I see the process is trigger by a timer. If you are not sure it works there is maybe a way to get the reqid of the requestlog table as a property of the REQUEST object to write directly the sessionid in the requestlog table from the PROCESS object ?
wwRequest::GetRequestId()
?
Sounds appropriate ... Tks
Here is how I finaly implement it
THIS.LogActivity(REQUEST.GetRequestId(),THIS.oSession.cSessionId,THIS.cPage,THIS.cAuthenticatedUserId)
But I see a strange behavior, why is the session Id changed when user logout ? I stay on the same browser just login / logout as you see here
Hello, it seems the session expires in the Authenticate logout when THIS.cAuthenticationMode == "UserSecurity"
Is it ok to subclass and remove the session expires in "UserSecurity" mode ?
You can set the expiry value really high to cause the session not to expire. It's a simple matter of subclassing and resetting the expiration default value.
You're meant to subclass wwUserSecurity
for custom implementations and then specify the wwProcess::cAuthenticationUserSecurityClass
in your Process class.
+++ Rick ---
Sorry but I am not sure you see the previous message about the logout who's kill the previous sessionid so we lose the trace of this user activity after logout
Well, if you explicitly log out you should by all means disconnect from the session. What else does Logout mean otherwise? The whole point of a Session is to track a user through a session, which is what ends when you log out.
But as you mention you can certainly accomplish this by simply marking the session as expired (ie. set the expiry date in the past) rather than clearing the session cookie as is the default (and expected) behavior.
+++ Rick ---
Hello, this reply is only to "think about"
The problem is if we close the session when the user log out we lose the contact with users "preferences". In your fox webshop the shoppingcard is lost .. With the user activity table the user logout is done on the server side not on the client side.
IF UPPER(lcValidUserName) == "LOGOUT" .AND. THIS.cAuthenticationMode == "UserSecurity"
THIS.lEnableSessionState = .T. && ensure that session exists
SESSION.SetSessionVar(THIS.cAuthenticationUserSecurityKey,"")
SESSION.SetSessionVar(THIS.cAuthenticationUserSecurityKey + "Name","")
*** Don't expire cookie
*-* THIS.oResponse.AddCookie(THIS.cSessionKey,"","/",MimeDateTime(DATE()-1))
*-* THIS.oResponse.AppendHeader("Authorization","")
RETURN .T.
ELSE
RETURN DODEFAULT(lcValidUserName,@rcErrorMessage,llNoForcedLogin)
ENDIF