Session Handling

Basic Authentication

For more information on basic authentication, refer to this page.

Cookie Handling

With the response of the first call to yuuvis® RAD gateway, yuuvis® RAD gateway will send a SET COOKIE GWSESSIONID=<id> header giving you the sessionid it created for this call (i.e., session). Any further calls need to have the header GWSESSIONID=<id> set for yuuvis® RAD gateway to be able to recognize them as belonging to the same session.

If this header is not present, yuuvis® RAD gateway will create a new session for each call causing inactive sessions to pile up. This causes performance degradation and also, if the maximum number of conccurent sessions per user is reached, no new calls can be executed. The maximum is 1000 per default.

Common HTTP frameworks such as Apache HTTP Components already have the logic to do cookie handling for you if the configuration is set accordingly.
In case of Apache HTTP Components, this is done by creating the HttpClient with a BasicCookieStore like this:
CookieStore cookieStore = new BasicCookieStore();
CloseableHttpClient httpclient = HttpClientBuilder.create().setDefaultRequestConfig(requestBuilder.build()).setDefaultCredentialsProvider(getCredentialProvider()).setDefaultCookieStore(cookieStore).build();

Closing Sessions

The duration of a session can be set separately for the yuuvis® RAD core-service and yuuvis® RAD gateway. The default duration is 30 minutes for both. To close the session you have two options:

  • Using the x-os-session-keep-alive header parameter:
    This header can be used to force the session identified by the GWSESSIONID header to be closed in both yuuvis® RAD gateway and yuuvis® RAD core-service. The default and implicitly set value (if the header is not present) is true. If set to false, the session will be closed after this call.

  • Calling the URL .../logout:
    yuuvis® RAD gateway will close its session for this GWSESSIONID and also try to close the core-service session.