Sculptor uses a session file to identify and control sessions between a web browser and the web server, inserting a record with a unique session ID whenever a new session is created. This is necessary because communication is not an ongoing dialogue between the browser and a single program running on the server. The web server runs a new program every time the user clicks on a link on a web page, so the program must send an updated page to the browser and then terminate. Special actions are therefore needed to create and control a session where there is an apparent dialogue between the browser and the server.
Session files are especially useful for creating shopping lists for individual users. The user can add items to their shopping list any time they visit the site, view the list, and, whenever they are ready, submit the order and payment details.
If a Sculptor report program creates or refers to a session, it must declare and open a session file, e.g.:
!ofile Session session update
The session file must contain the following mandatory fields, used by Sculptor. Other fields can be added for the application’s own use.
The size is optional, but a32 or longer is recommended. Longer values are more secure. The session ID is randomly generated when the session is created. See create_session().
Session type. Possible values for this field are SESSION_TYPE_COOKIE and SESSION_TYPE_PARAMETER, depending on the function called to create the session (see create_session()).
Timeout period in seconds. If the time between accesses exceeds the timeout period, the session becomes invalid and the record is automatically removed from the session file. The default value is 600 seconds, but a different value may be specified when the session is created (see create_session()).
Next expiry time. This is reset every time the Sculptor program executed by the web server calls the get_web_session() function. The new value is the current time plus the timeout value.
This must remain the same throughout a single session. Referenced by the get_web_session() function.
User name, if user authentication is enabled on the web server. This provides a greater level of security than IPAddress, but its availability is entirely dependent on the web server and web administrator. Many web servers can be configured to authenticate the user, using Basic, Digest or SSL security systems.
The demonstration suite in $SCULPTOR/demo/internet includes the session file session.d. This file includes all the mandatory fields plus an extra field for the customer code, which is used to keep track of orders placed by this user.