State and Session Management

    What is a State?
        A state is the condition of all things at a given snapshot of time.  Remembering that HTTP is a stateless protocol (in other words the server doesn't remember you from one conversation to the next). The basic model is: Client contacts the server and requests something, the server responds with an html page and then disconnects the client-- End of conversation. If the client requests something else, it is a whole new conversation unless the client also reminds the server of everything (everything the client WANTS the server to remember) that has gone on before. This scenario also needs to consider that the number of concurrent users may be difficult to predict so the Web/Application server must be able to utilize shared resources and Users must be identifiable as new or current so that server resources for "inactive" users can be released and returned to the pool of available resources.

        In the "old" days of basic client/server type environments where the client and server had a "permanent" connection the users were easily identified by the server (connection number would do it). Applications ran on the client and it would maintain all the state information. Any connections to the database (DB) were unique to each client. With web based Applications the server is only aware of the client for brief periods of time (during the Web Event), there are no permanent connections to the server and users must reidentify themselves with every web event. The application runs on the server and the user has no private storage in which to put state information so the server must have a way to maintain session information (PE) and. DB connections are shared and reused by many clients.

        So what is State?
            It is information describing the current environment, like:

                   … whatever it is you want or need to track for the user.

        NetDynamics Server maintains the state for each session, this means that:

    What is Session?
        This is the workspace created by the Application server to store a user's state information. In the older scenario it would be stored in the application process space running on the client. With the Web based apps, this is on the server, because the app is on the server.  For NetDynamics all user state information is maintained on the server in the Persistence Engine (PE).  The Connection Processor (CP) retrieves the users session from the PE when a request form that user needs to be processed. When the request has been fulfilled, the CP puts that user's session back in the PE, then handles the next request from the next user.

        If the user enters a URL in their browser for a NetDynamics page a new session is created. But if one ND page loads another ND page they will be part of the same session. This means that if a user opens two browser windows for the same project, he will be two different users.
        The user is uniquely identified either with a SpiderSession value (one page to another) or through a hidden HTML field named SPIDERSESSION. The value of the field is encrypted for security and contains the user's session id and some other useful information for the ND App server.

        Session Events
            NetDynamics uses the following events to track sessions.
               You can monitor a session start and stop with session initialization/timeout events:
                   onNewSessionEvent
                         This is invoked for every new session, before display occurs
                   onSessionExpiringEvent

                  To allow you to retrieve the Session that has been targeted for expiration
                   onSessionTimeoutEvent
                        This is invoked when user returns with an expired session id in the request
                        Timeout = # of minutes a user can remain inactive before their session is expired
 

 Contents   The Event Model    NetDynamics Security