In the OnAction event of the WebModul's aiLogin component the user information is checked using quFindUser query and, depending on the result, either the user is required to the username and password, or the required session is created using SAPIDispatcher1.CreateSession().
The CreateSession() method of the TISAPIDispatcher component generates a new session identifier string (20 char long), verifies its uniqueness using OnCheckSessionID, and if it turns out that the generated identifier string is unique, the OnActivateSession event is started. In this event we store the session information in the frsession.db table. As CreateSession does not activate the session, we use the ActivateSession method after the session has been created.
Using a cookie, the session identifier string is sent to the server during next request from the same browser. The existence of the session is verified using OnCheckSessionID event, and if it turns out that such session exists, the OnActivateSession event is activated. In the OnActivateSession event we use the ActivateSession method that sets the local variables UserName and UserLevel of theWebModule with corresponding values of the session and this way makes them available to other methods.
To create session "time-out", we use the field LastAct in the frsession.db table, where we write the current time of session activation. To delete the expired sessions from the table, we use the query quDeleteTimeout that we activate in the OnCheckSessionID event before checking the actual session.
ActionItem aiLeftMenu corresponds to the request leftmenu. In the OnAction event of the aiLeftMenu a menu is generated on the left pane using the module fmLeftMenu. ActionItem aiWelcome corresponds to the request welcome. In the OnAction event of the aiWelcome a welcome text is generated on the right-hand pane using the module fmWelcome. The module fmWelcome is also used to generate responses to forlevel1 and forlevel2 requests with limited user rights. In this case the message regarding the level of user rights is added in the FRStaticText1 OnTag event.
ActionItems aiForLevel1 and aiForLevel2 correspond to queries forlevel1 and forlevel2. In the OnCheckUserRights event of aiForLevel1 and aiForLevel2 the level of user rights is checked. The relevant variable UserLevel is set in the ActivateSession() function.