Anonymous Sessions in GAM - Web Applications

Official Content
This documentation is valid for:

Applications wich use GeneXus Access Manager, can have private and public pages depending on the Integrated Security Level property. Public pages are those where Integrated Security Level property is set to none.

In these cases, where applications have both private and public web pages, when a user visits the public pages, a Session can be kept anyway (optionally).

Although the user is not logged in to the application (because he has visited only public pages of the application), a Session can be saved with information that in most cases is useful for statistical purposes. From now on, this Session will be called an "anonymous session".


Anonymous Sessions are GAM Sessions which are given to users of the application who have not been authenticated.

As any other Session, they are identified by a Token, and have other properties as Date, InitialURL, LastURL, etc.

The GAMRepositoryConfiguration web panel (located in GAM Example folder) is an example where this property is used.

The way to use it in GeneXus code (by using the GAM API) is the following:

&Repository.GiveAnonymousSession   = &GiveAnonymousSession // GAMBoolean data type

Anonymous sessions: Example of use

An example is to register the navegability of the user over a site, until the user authenticates.
When the user logs on, the same Session is given to him (the same Token is used), so the backward information which has been obtained is saved and added to the new Session information.
This is a typical case of portals, where "navegability" is information needed in order to obtain statistics of visited pages.

Lets see the example in more detail:

In this example, an "anonymous session" stores the information of all visited public web pages of an anonymous user, until he/she logs on.

1. Edit the repository configuration (using the GAM Web Backoffice) and configure:

Give Anonymous Session = TRUE
Generate Session Statistics = Minimum (or Detail)


Figure 1. GAMRepositoryConfiguration form.

2. Program the following in any non secure web object:

 &SessionValid = GAMSession.IsValid(&Session, &Errors)  //&SessionValid is Boolean, &Session is GAMSession data type
 If &SessionValid
  &sessionToken = &Session.Token
  &sessionInitialURL = &Session.InitialURL
  &sessionLastURL = &Session.LastURL  //Obtain the current Web Page
  &sessionStatus = &Session.Status
  &sessionIsAnonymous = &Session.IsAnonymous    //Ask if Session is Anonymous or not
  &sessionDate = &Session.Date
 do 'DisplayMessages' 

- When &session.isvalid is executed, GAM returns a token of the session.

If the user is not logged in (or the session has expired), the session is identified as an anonymous session (IsAnonymous flag is set to TRUE).

See Also

GAM Repository features and properties