Session information

Value resolver – Abstract
Purpose: Returns the 'Session information' object for the current session.
Tooltip
Usage: The value resolver returns a 'Session Information' object with data about login context, browser, client and the session itself. The input value is ignored.
Note: The session data is partially provided in the additionalData field via a map. This map can be enriched with specific data in advance of a login via the 'Initialize additional session data' event, to which read access then exists within the session.

images/download/attachments/91138138/image2022-3-3_11-41-19-version-1-modificationdate-1646304079203-api-v2.png

The Session information value resolver returns an entity of the 'Session information' type containing information about the current session or a login context temporarily changed by the Run as event action.

►NOTE◄ The map can be enriched with specific additional content for the session in the additionalData field via the event 'Initialize additional session data' (see Login (Events)).The 'Session information' object can only be accessed in read-only mode within a session.

The following table shows the content of the 'Session information' object structured by subjects. This also includes information that can be accessed directly via other value resolvers of the Session based (Resolvers) category.

In combination with the immediate field contents, the table also lists (with light blue shading) content that can be found under predefined keys in a map for 'Additional session data' (in the additionalData field).

Subject	Field name/Map[ Key ]	Data type	Content
Entity
Session information	`id`	Long	Internal ID of the 'Session information' object
Formally available but only assigned with default value: `created (null), creatorId (0), ownerId (0), partialLoaded (false)`
Login context
Temporarily variable by Run as event action:
User	`user`	'Interface > User'	User of session; depending on the type of session, a user or guest user account (see Users, Guest users).
Company	`currentOwner`	'Interface > Owner'	Company of session; a company account (see Companies/Clients).
Company	`additionalData[ parentCopmanies ]`	Long[]	List of IDs of all Companies/Clients directly or indirectly superordinated to the Company of session.
Role	`currentRole`	'Interface > Roles'	Role of session (see Roles).
	`permissionTree`	'Permission tree'	Permissions of the Role of session as a tree structure.
	`additionalData[ parentRoles ]`	Long[]	List of IDs of all directly or indirectly parent Roles of the Role of session.
Not influenced by the Run as event action (update only when a session is logged in):
Locale	locale	String	Current locale
Time zone (not applicable for Guest users)	`additionalData[ userTimeZone ]`	String	Name of the '`default time zone`' (defaultTimeZone) applicable in the session, according to the logged in user account or company account: When both accounts define a different 'Default time zone', the specification in the user account has priority. When neither of the two accounts defines a 'Default time zone', then the default time zone of the server effectively takes effect in the system. However, 'no value' (`null`) is specified as `userTimeZone`.
Text modules (not applicable for Guest users) These text modules were introduced for the original `FLEX` client type.They may still be used, but they are not relevant for the client type `HTML5_DESKTOP`, which is used from version 4 of Lobster Data Platform / Orchestration onward.	`additionalData[ welcomeText ]`	String	Concatenation of the following fields from the address of the logged in user account (`user.address`) separated by spaces: Salutation (`salutation`) Name 1 (`name1`) Name 2 (`name2`)
	`additionalData[ welcomeTooltip ]`	String	Concatenation of fields from the actual login context (user, role, company) according to the following structure: `{user.address.name1} {user.address.name2} ({user.id})` `{currentRole.roleName}{currentOwner.address.name1} ({currentOwner.id})`
Client/Browser information
Client & browser	`clientType`	String	'Client type' (see Sessions); mostly: `HTML5_DESKTOP`
	`dmzInfo`	String	IP addresse of the DMZ
	`hostInfo`	String	IP address of the client
	`userAgentName`	String	Browser identifier.
	`userAgentVersion`	String	Browser version identifier.
	`additionalData[ $client-id$ ]`	String	Client endpoint ID.
	`additionalData[ isMobile ]`	Boolean	Indicator for 'mobile' session (see Is mobile).
Session information
Session	`sessionToken`	String	Session token (unique for the session).
	`startTime`	Date	Start time of the current session.
	`lastAccess`	Date	'Last contact' to the server (see Sessions).
	`lastActivity`	Date	'Last activity' of the session on the server (see Sessions).
	`safeMode`	Boolean	Safe mode (safeMode) indicator.
	`additionalData[ authHandler ]`	String	Name of the specific class for the login type(user login, guest user login or portal login).
	`additionalData[ serverURL ]`	String	Base URL for calling the session (domain).
Additional session data
(see details above with blue shading)	`additionalData`	Map	Map with 'Additional session data' provided automatically by the system or before the start of the actual session via the 'Initialize additional session data' event.

Configuration

The Session information value resolver does not use any parameters and ignores the input value.

Example

In response to a specific Custom action event (XF_SESSION_DETAILS), a message with important information about the current session is displayed when a regular user (see Users) and not a guest user (see Guest users) is logged in.

Runtime example:

In the ribbon menu Administration/Data context a 'Session information' button is added in the context of selected views. This button is used to trigger the custom action event XF_SESSION_DETAILS 'on order'.

However, it can also be triggered automatically by other events (e.g. 'Client logged in', see Login (Events)) or within a workflow via the Dispatch action event.

An example of formatted output of specific data from the 'Session information' object is shown below on the right. Displayed here are:

CLIENT: Client type
BROWSER: Type and version of the browser used
SITE: URL used to log in the session
SESSION: Internal identifiers for the session
STARTED: Registration date
USER: User name and ID of the applicable user account
ROLE: Role name and ID of the applicable role
COMPANY: 'Name 1' from the address of the applicable company

►NOTE◄ USER, ROLE and COMPANY may differ from the actual session within a workflow if a temporarily different login context is defined via the Run as event action.

images/download/attachments/91138138/image2022-3-3_11-53-30-version-1-modificationdate-1646304810540-api-v2.png

images/download/attachments/91138138/image2022-3-3_11-39-41-version-1-modificationdate-1646303981917-api-v2.png

Configuration:

A Custom action event XF_SESSION_DETAILS is created and assigned as a Triggering event to the event handler shown on the right.

The Validating rule is intended to ensure that the 'Session Details' display is only executed when a 'full' user (and not, for example, a guest user) is logged in.

The message should also not appear if, within a guest user session, the XF_SESSION_DETAILS event is triggered by a workflow in which the User of session has been temporarily modified by Run as. Therefore, the rule must not refer to the User of session or to the user field in the return value of Session information.

Here, within an Entity property rule rule, an Object property value resolver reads the value to the authHandler key in the map that provides the Session information in the additionalData field. This refers exactly to the full name of the UserAuthenticationHandler class (see static text on the right of the image) if the session goes back to a 'user login'. So the Validating rule will not be passed if there is a 'Guest user login' (via GuestUserAuthenticationHandler) or a 'Portal login' (via PortalAuthenticationHandler).

images/download/attachments/91138138/image2022-3-3_11-54-51-version-1-modificationdate-1646304891908-api-v2.png

A Show alert (Popup) event action is configured here as the Action on passed rule:

The Type 'Alert' has been selected here so that the message is displayed for an indefinite period of time and the user can also acknowledge it by clicking 'OK'. Furthermore, the text displayed in the 'Alert' can be selected if necessary and copied to the clipboard of the operating system. This should be explicitly possible here – e.g. for sending the displayed data in an e-mail to the support team.
The Title for the 'alert' is provided here by the Triggering event value resolver.
In the Message, the Session information value resolver returns the 'Session information' object that contains all the data to be output. The structure of the message can therefore be defined quite easily via the Template value resolver. This interprets the core:SessionInformation object provided as input as a 'print object', whose data is prepared here using XPath expressions in conjunction with literal values.

►NOTE◄ In the example, the XPath expression for the value of the 'SITE' illustrates how accessing a value of the additionalData map via XPath (here via the serverURL key) works.

In place of the Template value resolver, a Concat strings could also be used here, which composes field values from the 'Session information' object in steps with static texts via Object property value resolvers. It should be noted that the field names (see also table above) in most cases, but not always completely, match the corresponding element or attribute names in the XML structure of the object. In the example, the XPath expression{@token} would be equivalent to accessing the sessionToken field of the object.

images/download/attachments/91138138/image2022-3-3_11-55-46-version-1-modificationdate-1646304946485-api-v2.png