How are Active Sessions meant to work?

I have PersistentSessions set to true so that I can see which users are logged in under the Active Sessions menu, and have some questions about how this is meant to work. I have changed the display of the Last Active column in the Active Sessions form to display both Date and Time. Logged in as an administrator I can monitor the records in the Active Sessions form. There is a column called Session ID that shows no data - what is meant to be displayed here? I would expect the Last Active column to show the last time the user was active on the system (created or modified a record or issued a query), but this does not seem to be the case. Instead, this value is updated every 3 minutes (keep-alive?) while the user's browser is open. This keep-alive seems to be the ONLY thing that updates the Last Active value. If the user creates or modifies a record this does NOT update the Last Active time. I was hoping to use the Last Active value to identify users who had been inactive for a long period (like an hour) but had left the browser open, so that I could log them out and release the license. It looks like the Last Active value is no use for this. Is this how it is meant to work, or is this meant to monitor when the user was active on the system? Another administrator menu shows Runtime Instances (plural?) and displays a data grid: Can there be more than one entry in this datagrid? Why is no data shown in the Allowed concurrent users, Partner and Customer columns? This data is present in the license file, but should it also be displayed here? Edit: is anyone able to answer the query about recording last user activity?
3 answers

Hello David,

Good remark with regard to the format of 'Last active', 'DateTime' indeed gives more information than 'Date'. The form was created in a time the 'DateTime' format did not exist yet, so that's why the 'Date' format is still there.

When I create a new project the "Active Sessions" form has no column for SessionID, but perhaps it was present in an earlier version. It does have a value when I add the column (signed in as administrator). The value should have the form of a UUID (

As Michel already stated, the purpose of the 'LastActive' attribute is only used to determine session timeout. To determine 'last user activity' I would advise to follow Michel's suggestion.

In theory, more than one runtime instance can connect to the same database. For instance, when a front-end runtime handles all user requests and a back-end runtime processes heavy scheduled events. However, in practice this has almost never been used, as one runtime can handle a lot of load. The database is the bottleneck most of the time.

The "AllowedNumberOfConcurrentUsers", "PartnerName" and "CustomerName" attributes of XASInstance are obsolete, they will be removed in one of the following releases.


Hi David,

I hardly ever used the active sessions menu item, but you are asking good questions :)

I think you can file a bug report to change the date view of active sessions to datetime. They session ID not being visible is a wrong security setting I guess, so that deserves a bug report as well. The session id should be a long hash, 16 characters i think.

The last active time is indeed solely based on the keep alive requests. It is used to kill sessions after that the browser has been closed without notifying the server. If you want to base last active on record updates, you should add events to your domain model. A single entity from which other entities inherit might save some boilerplate flows.

I never did something with runtime instances so I can't tell you much about that.

So, no real answers, just confirmations on your observations ;-).


Hi David,

Since mendix 2.5.3 the Mendix Core supports the Core.getActiveSessions() methods. This method can be used to iterate over all active sessions, to update their last active time for example. Using this method you can easily update an LastOnline attribute. If you run the code below with an scheduled every 3 minutes, you know which users were online 5minutes ago:

for(ISession session : Core.getActiveSessions()) 
  if (session.getUser().getMendixObject().getType().equals(YOURMEMBER.getType())) {
    IMendixObject user = session.getUser().getMendixObject();
    user.setValue(getContext(), YOURMEMBER.MemberNames.YOURATTRIBUTE.toString(), new Date());
    Core.commit(getContext(), user);