Is it possible to have two valid Rollbase sessions for the s - Rollbase - Forum

Posted by mopfer on 21-May-2014 15:28

There is information in my Rollbase application that I wish to make available to several hundred customers by allowing them to access it from their non-Rollbase application by calling the Rollbase API to get to my Rollbase application.

Since calling the API involves connecting to Rollbase, getting logged into Rollbase, and then making API calls to do the desired work, there is an opportunity for one customer to get logged in and start the work and then another customer logs in to start the process before the first customer finishes the set of API calls that need to be made to get the information. If both customers are using the same user ID to login, the first customer's session gets killed as soon as the second customer logs in. Is there a way to allow one particular user ID to have multiple valid logged-in sessions at the same time?

I would prefer not to have to manage several hundred different user IDs to allow each customer to have their own ID for getting to the data, and I would prefer that the code in the non-Rollbase application not have to be adjusted to handle getting those different user ID and passwords from somewhere.

Rollbase - Forum

All Replies

Posted by Bill Wood on 21-May-2014 15:43

As you noted, sessionID is limited to one active session per user credential, but you can also authenticate individual requests with Basic Authentication. (See Chapter 15 in Rollbase In Action).

The sessionID is useful when you want to hold the authentication across multiple requests. Using Basic-Authentication means each request contains the username/password so you should only do this over https, but because requests are self-contained you won't run into conflicting sessions.

I believe this was added as a feature in Rollbase 2.2. =)

Posted by mopfer on 21-May-2014 16:16

Thanks for the information Bill. The non-Rollbase application is written in the ABL, which doesn’t have much support for making REST calls at this point. I don’t see the Basic-Authentication approach when I’m looking at the SOAP API part of Chapter 15. Am I looking in the wrong place, or is Basic-Authentication only available in the REST API?

[collapse]

From: Bill Wood [mailto:bounce-wood@community.progress.com]
Sent: Wednesday, May 21, 2014 3:45 PM
To: TU.Rollbase@community.progress.com
Subject: Re: Is it possible to have two valid Rollbase sessions for the same userID at the same time?

Re: Is it possible to have two valid Rollbase sessions for the same userID at the same time?

Reply by Bill Wood

As you noted, sessionID is limited to one active session per user credential, but you can also authenticate individual requests with Basic Authentication. (See Chapter 15 in Rollbase In Action).

The sessionID is useful when you want to hold the authentication across multiple requests. Using Basic-Authentication means each request contains the username/password so you should only do this over https, but because requests are self-contained you won't run into conflicting sessions.

I believe this was added as a grater in Rollbase 2.2. =

Stop receiving emails on this subject.

Flag this post as spam/abuse.

[/collapse]

Posted by wmtwood on 21-May-2014 16:32

I have only been looking at REST. I will have to get back to you on the SOAP APIs and whether these support BASIC-AUTHORIZATION.

Posted by Mike Fechner on 21-May-2014 23:45

Hi Bill,

do you know how that‘s going to be different in the URL’s for REST calls? Just add the auth-header and skip the session ID in the URL?

We’ve implemented our own ABL REST Adapter to Rollbase (based on sockets) and using Basic-Auth instead of the extra login call sounds promising!

Mike

Posted by Anoop Premachandran on 22-May-2014 00:12

Yes. But one difference is User Name should of the format "loginName@CustomerId"

Posted by Mike Fechner on 22-May-2014 00:16

How do I find out my CustomerId? I’m on the hosted cloud?

Von: Anoop Premachandran [mailto:bounce-apremach@community.progress.com]
Gesendet: Donnerstag, 22. Mai 2014 07:13
An: TU.Rollbase@community.progress.com
Betreff: RE: Is it possible to have two valid Rollbase sessions for the same userID at the same time?

RE: Is it possible to have two valid Rollbase sessions for the same userID at the same time?

Reply by Anoop Premachandran

Yes. But one difference is User Name should of the format "loginName@CustomerId"

Stop receiving emails on this subject.

Flag this post as spam/abuse.

Posted by Anoop Premachandran on 22-May-2014 00:23

Just go to Subscription Details Page (Available in top right dropdown)

In the System Information Section, you will find ID field..

Posted by Mike Fechner on 22-May-2014 00:32

Ok, thanks! And now I leave this thread to again to Mark J

Posted by Bill Wood on 22-May-2014 08:30

WRT:

> I have only been looking at REST. I will have to get back to you on the SOAP APIs and
> whether these support BASIC-AUTHORIZATION.

The REST API is the only one that supports per-message BASIC-AUTHORIZATION. The documentation is correct and the SOAP API to Rollbase requires the sessionID on each call.

Posted by mopfer on 22-May-2014 09:01

Thanks Bill.

Posted by Bill Wood on 22-May-2014 10:00

You can check out this link to Open Source HTTP Clients on OpenEdge if you want to go with REST. (No warranties stated or implied).

This thread is closed