Session Frequently Asked Questions

Are Async calls and TROSessions thread-safe?
How can I access async responses after restart?
Is it possible to get hold of the ClientID property from within a TRORemotable class?
What is the easiest way to send authentication information?
Why sessions expire immediately after creation if timeout is set to 0?

Are Async calls and TROSessions thread-safe?

If threaded Remoting SDK calls can write to the same session object, you need to synchronize access to the session object. This can be done, for example, by providing a subclass that provides locking.

How can I access async responses after restart?

In order to do this, you need to persist both the Message ClientID and the ID of the request (for example to an .ini file), and restore them when restarting.

The MessageID can be obtained and set by casting your async proxy interface to IROAsyncInterface and accessing its MessageID property.

Is it possible to get hold of the ClientID property from within a TRORemotable class?

Yes, just add the IRODispatchNotifier interface to its declaration and provide an implementation for the GetDispatchInfo method. When GetDispatchInfo gets called by the framework, it provides a pointer to the transport and message components used to invoke the request. The Message component holds the right ClientID. The DispatchNotifier sample is a good example of how to intercept method calls and also get a lot of other information about the client.

What is the easiest way to send authentication information?

You need to do two things:

First, create a separate service inside your RODL file. This service should expose the Login and Logout methods like

method Login(username: String; password: String): Boolean;
begin
  if MyValidate(username, password) then begin
    Session['user'] := username;
    exit true;
  end
  else begin
    self.DestroySession();
    exit false;
  end;
end;

method Logout();
begin
  self.DestroySession();
end;

Secondly, set the RequireSession property to True for the service you want to protect. If no session or no valid login information were found in the data call, the request to the protected service will be rejected immediately.

Why sessions expire immediately after creation if timeout is set to 0?

In .NET and in the MemorySessionManager, setting timeout to 0 results in immediate expiration of the session (so that every session expires immediately after creation).