Sessions

The Web is a stateless environment. That means that the second request to a server knows nothing of the first request. This creates a simple environment for client/server developers, but it is difficult for application programmers. Often, programmers want to maintain certain information from one request to the next. This is known as maintaining state. Sessions provide a convenient way to maintain state across multiple requests.
A session is the data that is saved from one program execution to the next. It consists of macro variables and library members (data sets and catalogs) that the user program has explicitly saved. The session data is scoped so that all users have independent sessions. Sessions cannot be shared across multiple Application Servers.
To use this mechanism, the user program must explicitly create a session. This is done with the APPSRV_SESSION function. To create a session you run this code:
In macro
%let rc=%sysfunc(appsrv_session(create));

In data step or SCL
rc=appsrv_session('create');
Creating a session causes the automatic variables _THISSESSION, _REPLAY, and _SESSIONID to be set with values that reflect the current session ID. These variables can be used to construct URLs or HTML forms that run a new request program in the same session.
A session saves all global macro variables whose names begin with SAVE_. For example, the statements
%global save_mytext;
%let save_mytext="Text to be saved for the life of the session";
cause the macro variable save_mytext to be available in later request programs that share the same session.
Data sets and catalogs can also be saved across program requests. Once the session has been created, a library named SAVE is created. By creating or copying data sets and catalogs to this library, the user program can rely on them being there the next time a request is made that uses this session.
Sessions have an expiration time associated with them. Options in the APPSRV procedure set the default and maximum session expiration times. The expiration of an individual session can be set within the maximum time allowed by calling the APPSRVSET function as shown below
In macro
%let rc=%sysfunc(appsrvset(session timeout,300));

In DATA step or SCL
rc=appsrvset('session timeout',300);
where the number supplied is the number of seconds the session should last beyond the time that it was created. Once the session has expired, the server deletes all session data from memory and from disk.
A session can be explicitly destroyed like this:
In macro
%let rc=%sysfunc(appsrv_session(delete));

In DATA step or SCL
rc=appsrv_session('delete');
Submitting this code does not immediately destroy the session. The session is marked for deletion only at the time this procedure runs. A session is not deleted until the cleanup routine runs. After the request program completes, the session is placed in the queue to be deleted.
A user creates a session only once throughout an application. The user does reuse the session, but deletion of the session does not occur until the end of the application.
For example, in the example below, a user who tries to create a session and then later delete that session and then try to create a new session in the same test program would get a warning.
testa.sas (creates session1 -> calls testb.sas)
testb.sas (uses session1 -> deletes session1 -> creates new session2)
The user cannot create session2, because session1 is still being used. Even after a session is marked for deletion, another user cannot access that same session, even before the cleanup process runs.
See Using Sessions: A Sample Web Application for a demonstration of some of the features of Application Dispatcher sessions.