Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SESSION ID NUMBER

0 views
Skip to first unread message

hector_juarez

unread,
Feb 23, 2004, 12:30:17 PM2/23/04
to
I NEED TO KNOW HOW IS GENERATED THE SESSION ID NUMBER,
RETURNED BY getSessionID FUNCTION (CtsSecurity\SessionInfo
COMPONENT). IT'S A 16 CHARACTER STRING AND SEEMS TO BE AN
ALPHANUMERIC NUMBER. I SEE THAT THE THREE FIRST DIGITS NEVER
CHANGE IN DIFFERENTS APPLICATIONS AND EASERVERS. SOMEONE CAN
BRING ME MORE INFORMATION ABOUT THE STRUCTURE OF THIS
NUMBER???
THANKS!!

Mark Maslow

unread,
Feb 23, 2004, 4:35:00 PM2/23/04
to
I think you got the answer to your question several weeks ago:

I've been told that it is based on
* Client IP
* Client certificate if there is a secured session
* User name

If you are accessing all of the applications and servers from the same
client, it would make sense that there would be something common about
the sessionId.

Do you have an actual problem? Why do you need to know this? What are
you trying to accomplish?

In article <403a38a8.29...@sybase.com>, HECTOR JUAREZ says...

hector_juarez

unread,
Feb 24, 2004, 2:01:55 PM2/24/04
to
thanks, i need to create specific tables for each
applications.
this tables are for simulate a "temp table (#)", in some
cases i can´t use this kind of tables because i don´t
have a unique connection (i have a connection's cache ) and
the components that i use are stateless.
In a 2-tier environment i can create a temp table in a
window and then insert data on it, then retrieve a dw that
have a select of the temp, etc....
In a n-tier environment i can´t do this kind of things,
therefore i must to create an auxiliar table (i create it in
tempdb) for simulate the funcionality of temp tables.
For make unique per application this table i create using
the session id and a name, but i only need the blocks of the
session id that always change per application, in the same
client and in differents clients.

i hope that you understand me...

Mark Maslow

unread,
Feb 24, 2004, 3:16:49 PM2/24/04
to
I will describe an app that I've had working for some time that I
believe has a mechanism that addresses your issue.

This app allows users to issue custom queries against a database and
scroll through the results, or save the results to one of several report
or file formats.

When the user first logs in, they call a function on EAServer that
returns a unique number. The number is just a random number generated
by the server component which is guaranteed to not belong to any other
active session. The number is stored on a database table, along with
the time it was created. This number is passed by the user in
subsequent calls, and the time last accessed is updated on the database.
If the session has timed out, then the user gets an error and has to log
in again. When the user issues their custom query, the result keys are
saved in a table that includes the session number as part of the name.
So when they need to access the saved keys, the session number is used
to figure out the table to access.

When the user logs out, the session information and "temporary" table
are removed from the database. But, since you can't always count on
users logging themselves out, especially in a web environment, there is
a background job that runs periodically looking for sessions that have
not been accessed for a period of time, and the session information is
removed.

A simple, and common mechanism for saving session state in 3-tier apps,
that does not rely on any EAServer internals.

In article <403b9fb0.2e...@sybase.com>, HECTOR JUAREZ says...

0 new messages