Administration GuideSPS APIsSession Scheme API › Overview of Session Scheme API Processing

Previous Topic: Session Scheme API

Next Topic: Session Scheme API Class Files

Overview of Session Scheme API Processing

The SPS processes a number of methods to establish, maintain, and end a typical user session. One of the steps during session processing is to determine whether a scheme is rewritable. Rewritable schemes provide the ability to modify the URL. The simple URL rewriting session scheme is an example of a rewritable scheme, since part of the processing of a request includes rewriting the requested URL to include a token.

To implement a rewritable session scheme, you must implement the rewritable interface, which is described in Rewritable Session Schemes.

The following illustration shows the process flow for the session scheme API methods.

The methods identified in the illustrated are:

  1. isValidRequest—This method must be implemented in a custom session scheme to determine and verify the conditions that make up a valid request.
  2. getKeyFromRequest—This method must be implemented to extract a key from a valid request. If no key is present, the createKeyFromRequest method is called.
  3. createKeyFromRequest—This method must be implemented to trigger the creation of a key for a new session.
  4. onSessionCreate—On the event of session creation, if the session scheme in use is not rewritable, this method is called. This method may be implemented with any code that should be triggered at the inception of a new session.
  5. onSessionCreateRedirect—On the event of session creation, if the scheme is rewritable, this method is called. This method may be implemented with any code that should be called at the inception of a new session for a rewritable session scheme.
  6. onSessionUpdate—A session is updated for each new request made during the session. This method is called during each session update. It may be implemented by adding any code that should be triggered during a session update.
  7. onSessionLogout—This method is called when a session is terminated. It may be implemented with any code that should be executed when a user session is terminated.