Company Products Services Licensing Where-to-buy Contact



In this project, the functionality related to the TISAPIDispatcher component sessions is used to identify users. User information, name, password and level of authorisation are stored in the fruser.db table, and the currently active sessions in the frsession.db table. ISAPIDispatcher1 OndefaultRequest event uses the TfmLogin form to create the user login HTML. The same form is used for frequent asking of the login information, if the information received from the user does not match with any of the users recorded in the database. In this case the variable of the TfmLogin form is set WrongUser=true and the variable is checked in the FRLabel3 "User not found!" DoInsert event to add the relevant message to the form.

In the OnAction event of the WebModul's aiLogin component the user information is checked using quFindUser query and, depending on the result, either the user is required to the username and password, or the required session is created using SAPIDispatcher1.CreateSession().

The CreateSession() method of the TISAPIDispatcher component generates a new session identifier string (20 char long), verifies its uniqueness using OnCheckSessionID, and if it turns out that the generated identifier string is unique, the OnActivateSession event is started. In this event we store the session information in the frsession.db table. As CreateSession does not activate the session, we use the ActivateSession method after the session has been created.

Using a cookie, the session identifier string is sent to the server during next request from the same browser. The existence of the session is verified using OnCheckSessionID event, and if it turns out that such session exists, the OnActivateSession event is activated. In the OnActivateSession event we use the ActivateSession method that sets the local variables UserName and UserLevel of theWebModule with corresponding values of the session and this way makes them available to other methods.

To create session "time-out", we use the field LastAct in the frsession.db table, where we write the current time of session activation. To delete the expired sessions from the table, we use the query quDeleteTimeout that we activate in the OnCheckSessionID event before checking the actual session.

After login a HTML document containing a FRAMESET is generated using the fmMainFrames module. This module contains only one TFRStaticText component the Lines property of which contains the relevant HTML text. In order the session to be closed also in the case the user closes the browser or moves to another URL, the HTML contains JavaScript functions Loading() and UnLoading() that function as ONLOAD and ONUNLOAD event handlers of the document. The TFRStaticText Lines property contains the tag that are replaced with a relevant server variable in the OnTag event. The SRCs of the FRAMESET panes are "/leftmenu" and "/welcome", which activate the relevant ActionItems in our .dll.

ActionItem aiLeftMenu corresponds to the request leftmenu. In the OnAction event of the aiLeftMenu a menu is generated on the left pane using the module fmLeftMenu. ActionItem aiWelcome corresponds to the request welcome. In the OnAction event of the aiWelcome a welcome text is generated on the right-hand pane using the module fmWelcome. The module fmWelcome is also used to generate responses to forlevel1 and forlevel2 requests with limited user rights. In this case the message regarding the level of user rights is added in the FRStaticText1 OnTag event.

ActionItems aiForLevel1 and aiForLevel2 correspond to queries forlevel1 and forlevel2. In the OnCheckUserRights event of aiForLevel1 and aiForLevel2 the level of user rights is checked. The relevant variable UserLevel is set in the ActivateSession() function.

The request CloseNormal corresponds to the Exit link on the left pane. The query is processed in the aiCloseNormal OnAction event. The request is created by the JavaScript function CloseAll(), which sets the Closed=1 variable in the browser's parent window, thus disabling the automatic termination of a session by the ONUNLOAD handler UnLoading() of the FRAMESET document in the parent window. If the user closes the browser or moves to another URL without terminating the session using the Exit link, the ONUNLOAD handler UnLoading() of the FRAMESET document in the parent window generates the CloseUnload request processed by aiCloseUnload. Both aiCloseUnload and aiCloseNormal OnAction event use the fmClose module with the help of the CloseForm function. The fmClose module variable NormalExit is used to manage the FRLabel1DoInsert event.