Applications wich use GeneXus Access Manager, can have private and public pages depending on the Integrated Security Level property. Public pages are those where Integrated Security Level property is set to none.
In these cases, where applications have both private and public web pages, when a user visits the public pages, a Session can be kept anyway (optionally).
Although the user is not logged in to the application (because he has visited only public pages of the application), a Session can be saved with information that in most cases is useful for statistical purposes. From now on, this Session will be called an "anonymous session".
Anonymous Sessions are GAM Sessions which are given to users of the application who have not been authenticated.
As any other Session, they are identified by a Token, and have other properties as Date, InitialURL, LastURL, etc.
The GAMRepositoryConfiguration web panel (located in GAM Example folder) is an example where this property is used.
The way to use it in GeneXus code (by using the GAM API) is the following:
&Repository.GiveAnonymousSession = &GiveAnonymousSession // GAMBoolean data type
Anonymous sessions: Example of use
An example is to register the navegability of the user over a site, until the user authenticates.
When the user logs on, the same Session is given to him (the same Token is used), so the backward information which has been obtained is saved and added to the new Session information.
This is a typical case of portals, where "navegability" is information needed in order to obtain statistics of visited pages.
Lets see the example in more detail:
In this example, an "anonymous session" stores the information of all visited public web pages of an anonymous user, until he/she logs on.
1. Edit the repository configuration (using the GAM Web Backoffice) and configure:
Give Anonymous Session = TRUE
Generate Session Statistics = Minimum (or Detail)
Figure 1. GAMRepositoryConfiguration form.
2. Program the following in any non secure web object:
&SessionValid = GAMSession.IsValid(&Session, &Errors) //&SessionValid is Boolean, &Session is GAMSession data type
&sessionToken = &Session.Token
&sessionInitialURL = &Session.InitialURL
&sessionLastURL = &Session.LastURL //Obtain the current Web Page
&sessionStatus = &Session.Status
&sessionIsAnonymous = &Session.IsAnonymous //Ask if Session is Anonymous or not
&sessionDate = &Session.Date
- When &session.isvalid is executed, GAM returns a token of the session.
If the user is not logged in (or the session has expired), the session is identified as an anonymous session (IsAnonymous flag is set to TRUE).
GAM Repository features and properties