Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 10.0.1 » SQL Anywhere Server - Programming » SQL Anywhere Web Services » Using HTTP sessions

Creating an HTTP session Next Page

Session management with cookies

Cookie state management is supported using the sa_set_http_header system procedure with 'Set-Cookie' as the field name. Utilizing cookies for state management negates the need to include the session ID within the URL. Instead, the client provides the session ID within its HTTP cookie header. The downside to using cookies for state management is that cookie support cannot be depended upon in an unregulated environment where clients may have disabled cookies. Consequently, a web application should support both URL and cookie session state management. A URL session ID, as described in the previous section, takes precedence in the event that a client provides both a URL and cookie session ID. It is the web application's responsibility to delete the SessionID cookie in the event that the session expires or that the session is explicitly deleted (for example, sa_set_http_option('SessionID', NULL)).

DECLARE session_id VARCHAR(64);
SET tm=now(*);
SET session_id = 'session_' || 
    CONVERT( VARCHAR, SECONDS(tm)*1000+DATEPART(millisecond,tm));
CALL sa_set_http_option('SessionID', session_id);
CALL sa_set_http_header( 'Set-Cookie', 
        'sessionid=' || session_id || ';' ||
        'max-age=60;' ||
        'path=/session;' );