· Oct 31, 2022

Using %session with /api/mgmnt/ Service generated classes

Sessions and specifically %session are paramount to our application to login users to the application (the Web Gateway user logs into the server and then users login to the application).  

When using /api/mgmnt/v2 to implement a spec first approach to REST API development, I am unclear how I can utilize sessions (i.e. %session) to work with our existing model (and I'm sure there are indeed better ways to do this, but we are just baby stepping right now). Much of the documentation say to make sure UseSession=1 in the dispatch class is set, which I've accomplished.  This seemed hopeful because when using /api/mgmt, the generated disp.cls extends %CSP.Rest which then provides the %session var.  However, the documentation is clear to not edit that class and only touch the impl.cls.  This class extends %REST so it doesn't seem to know or care about %CSP.Rest or %session (however, the disp.cls does call it).  Is there a way to bring this %session var into play since disp.cls calls impl.cls (without modifying disp.cls)?

I have read an article here that mentioned sessions in this context are only good for authentication (not data) however, I think that article meant authenticating into the IRIS server.  I am trying to authenticate into our application and keep our user alive (and, well, keep some session data alive too).

I realize it's not quite the paradigm for REST but I'm trying to move the needle without rewriting the whole thing or completely changing how we do things today.

$ZV: IRIS for Windows (x86-64) 2020.1.1 (Build 408U) Sun Mar 21 2021 22:04:09 EDT
Discussion (11)1
Log in or sign up to continue

I suppose another way of stating the issue.  The doc says you might want to use sessions to:

  • Preserve data across REST calls — in some cases, preserving data across REST calls may be necessary to efficiently meet your business requirements.

Well, I'm not finding an easy way to do this using spec first dev because the %session variable is undefined in the generated impl.cls. Even when I extend impl.cls to use %CSP.REST.  

@Eduard Lebedyuk I did catch one article you wrote that said sessions are basically only good for authentication (I assume you just meeting keep one logged into the IRIS server over the session), however since the doc does mention preserving data, I would like to see if I can utilize that feature.

For now I've reverted to the manual creation of rest services which now allows me the %session variable to use.

Without pasting a ton of code here, the basic question is can you utilize the %session variable when using /api/mgmnt/?  When UseSession is set to true, the use to %session results in error.

I'm aware that REST by definition doesn't use sessions, but our existing application does use %session for authentication and other data and the idea is to take a "first step" into REST without totally redesigning everything.

Tha said here's a small example of what I've played with:

The idea was that the client would have previously called a Login API to log the user in and setup %session.  Future API calls would use the %session variable to validate user access.  This is similar to how our web application works today.

From the documentation (even better docs):

1. Open the spec class.

2. Add

Parameter UseSession As BOOLEAN = 1;

3. Recompile the spec class.

4. Now your disp class has the same parameter and you can use sessions in your impl class.

If you need a larger change than adding a parameter to a dispatcher class, do this (docs):

1. Create a custom subclass of %CSP.REST, i.e. test.REST.
2. Modify your swagger spec by adding x-ISC_DispatchParent:


3. Recompile.

Now your disp class extends test.REST and you can modify anything there.

@Eduard Lebedyuk I get the sense that you think I'm not reading the documentation since you've linked it on this thread about three times. 

I promise, I really am trying to do my due diligence and I have been reading the online documentation, so I'm sorry if I've frustrated you.

While testing, I see I can easily set %session.Data to hold data I want to preserve.  I guess the issue I'm having boils down to how do you preserve that across REST calls?  Obviously step one is setting UseSession=1.

Using Postman I see I'm returned cookies that hold session paths and ID after making a call:

So maybe the question I'm trying to ask is, how, on my next API call can I use that session path in the cookie that may, for example, verify that a user has logged in to my system?

I understand this isn't ideal, but it's how the system work at the moment.

While testing, I see I can easily set %session.Data to hold data I want to preserve.  

No problem! I thought you were having issues with that part.

how, on my next API call can I use that session  

You just need to supply the cookies CSPSESSIONID and CSPWSERVERID. With that you'll have the same session. In browsers (and I think in postman) that's automatic, so you don't have to do anything. It should work out of the box as long as you have UseSession set to 1.