APPSRV Procedure
SESSION Statement
Controls how a session is administered by the Application
Server
Syntax
Optional Arguments
- INIT=program-name
-
specifies
programs to be run when a session is created and destroyed (including
those that expire by timing out). By default, no program is run at
the creation and destruction of a session. The program names referenced
here must be in the same format as the _PROGRAM variable. Also, the
libraries or files that contain these programs must be allocated in
a previous ALLOCATE statement.
- INVSESS=program-name
-
specifies a program
that is to be run in the place of the requested program if the session
that is specified by _SESSIONID does not exist. This can happen if
the session expired or if the session ID was modified by the client.
Two special macro variables are created for the invalid session program.
The _USERPROGRAM variable contains the name of the program that was
requested by the user. This is the value that is specified by the
_PROGRAM variable in the original request. The _INVSESSREASON variable
has NOSESSION
as its value, which means that
the session specified by _SESSIONID does not exist.
The invalid session
program can be used to display an informative response when a user
session has expired or is otherwise inaccessible. The response can
redirect the user to an application login screen, explain how to restart
the application, or provide a friendlier error message.
- TERM=program-name
-
specifies programs
to be run when a session is created and destroyed (including those
that expire by timing out). By default, no program is run at the creation
and destruction of a session. The program names referenced here must
be in the same format as the _PROGRAM variable. Also, the libraries
or files that contain these programs must be allocated in a previous
ALLOCATE statement.
Remember that when
you delete a session, it is marked for deletion only. A session is
not deleted until the cleanup routine runs. A user creates a session
only once throughout an application. The user can reuse the session,
but deletion of the session does not occur until the end of the application.
In the following example,
a user creates a session and then deletes that session. When the user
tries to create a new session in the same test program, they get a
warning.
testa.sas (creates session1 -> calls testb.sas)
testb.sas (uses session1 -> deletes session1 -> creates new session2)
The user cannot create session2, because session1 is still being
used. Furthermore, after a session is marked for deletion, another
user cannot access that same session, even before the cleanup process
runs.
- TIMEOUT=seconds
-
specifies the number
of seconds that elapse before a session expires. The default session
time-out is 900 (15 minutes). This value can be changed in a request
program by calling the Application Dispatcher APPSRVSET function.
An Application Server does not honor a pool service idle time-out
stop request from the Load Manager until all sessions have expired.
- MAXTIMEOUT=seconds
-
is the maximum number
of seconds that a time-out can be set to using the APPSRVSET function.
For more information about setting the session time-out from a request
program, see the SAS/IntrNet Application Dispatcher documentation
for the APPSRVSET function.
- VERIFY=(variable-1 <...variable-n>)
-
is a space-delimited
list of variable names. A session reconnect is a request for a _SESSIONID for an existing session. For enhanced
security, the Application Server can verify other request variables
in addition to validating the _SESSIONID for all session re-connects.
For example, the Application Server can ensure that the variable _RMTUSER
is the same for all session re-connects. This makes it more difficult
for one client to steal another client's URL and access the first
client's session information. Enclose the list of variables in parentheses.
Copyright © SAS Institute Inc. All rights reserved.