Skip to main content

Ending Sessions

Within an InterSystems IRIS® data platform CSP-based web application, a session can end because the user logs out, because the server ends the session explicitly, or because the session times out.

Provide Logout Option

The standard practice is to provide a link or a button with which the user can log out.

The recommended practice is to define this link or button so that it links to the application home page and to include IrisLogout=end in the link URL. This server then ends the current session before it attempts to run the home page.

Have the Server End the Session

From within the application, you can end a session explicitly, in the following ways:

  • End the session (for example, if the client is stopped or navigates to a new site):

     set %session.EndSession=1
  • Log the user out:

     do %session.Logout()

These techniques use the %session object that is available on the server; this is an instance of %CSP.SessionOpens in a new tab.

Session Timeout

In session timeout, a session ends because it did not receive any requests within the specified session timeout period.

By default, the session timeout is set to 900 seconds (15 minutes). This is controlled by the web application definition.

Modifying the Timeout Programmatically

From within the application, you can modify the timeout by setting the AppTimeout property of the %session object. For example:

 Set %session.AppTimeout = 3600 // set timeout to 1 hour

To disable session timeouts, set the timeout value to 0.

Note that if a session changes web applications during its life span, its timeout value will not be updated according to the default timeout defined in the application that the session moved into. For example, if a session starts out in web application A, with a default timeout of 900 seconds, and then moves into web application B, which has a default timeout of 1800 seconds, the session will still timeout after 900 seconds.

If you want an application change to result in the session timeout being updated to that of the new application, define a session event class. In that class, override the OnApplicationChange() callback method, and add code to handle the update of the AppTimeout property of the %session object.

Customizing End Behavior

To customize what happens when a session ends, define a session event class and implement the OnEndSession() callback method of that class.

Similarly, to customize what happens when a session timeout occurs, define a session event class and implement the OnTimeout() callback method of that class.

Session End Details

When a session ends, the server deletes the persistent %CSP.SessionOpens in a new tab object and decrements the session license count, if appropriate.

The server also deletes existing session data and removes the security context of the session.

If the session ended because of a timeout or server action, the server also calls the OnEndSession() method of the session event class (if it is present).

FeedbackOpens in a new tab