The Web is a stateless
environment. That means that the second request to a server knows
nothing of the first request. This creates a simple environment for
client/server developers, but it is difficult for application programmers.
Often, programmers want to maintain certain information from one request
to the next. This is known as maintaining state. Sessions provide
a convenient way to maintain state across multiple requests.
A
session is the data that is saved from one program execution to the next.
It consists of macro variables and library members (data sets and
catalogs) that the user program has explicitly saved. The session
data is scoped so that all users have independent sessions. Sessions
cannot be shared across multiple Application Servers.
To use this mechanism,
the user program must explicitly create a session. This is done with
the APPSRV_SESSION function. To create a session you run this code:
In macro
%let rc=%sysfunc(appsrv_session(create));
In data step or SCL
rc=appsrv_session('create');Creating a session causes
the automatic variables _THISSESSION, _REPLAY, and _SESSIONID to be
set with values that reflect the current session ID. These variables
can be used to construct URLs or HTML forms that run a new request
program in the same session.
A session saves all
global macro variables whose names begin with SAVE_. For example,
the statements
%global save_mytext;
%let save_mytext="Text to be saved for the life of the session";
cause the macro variable
save_mytext to
be available in later request programs that share the same session.
Data sets and catalogs
can also be saved across program requests. Once the session has been
created, a library named SAVE is created. By creating or copying data
sets and catalogs to this library, the user program can rely on them
being there the next time a request is made that uses this session.
Sessions have an expiration
time associated with them. Options in the APPSRV procedure set the
default and maximum session expiration times. The expiration of an
individual session can be set within the maximum time allowed by calling
the APPSRVSET function as shown below
In macro
%let rc=%sysfunc(appsrvset(session timeout,300));
In DATA step or SCL
rc=appsrvset('session timeout',300);where the number
supplied is the number of seconds the session should last beyond the
time that it was created. Once the session has expired, the server
deletes all session data from memory and from disk.
A session can be explicitly
destroyed like this:
In macro
%let rc=%sysfunc(appsrv_session(delete));
In DATA step or SCL
rc=appsrv_session('delete');Submitting this code
does not immediately destroy the session. The session is marked for
deletion only at the time this procedure runs. A session is not deleted
until the cleanup routine runs. After the request program completes,
the session is placed in the queue to be deleted.
A user creates a session
only once throughout an application. The user does reuse the session,
but deletion of the session does not occur until the end of the application.
For example, in the
example below, a user who tries to create a session and then later
delete that session and then try to create a new session in the same
test program would get a warning.
testa.sas (creates session1 -> calls testb.sas)
testb.sas (uses session1 -> deletes session1 -> creates new session2)
The user cannot create
session2, because session1 is still being used. Even after a session
is marked for deletion, another user cannot access that same session,
even before the cleanup process runs.