Question

Maintain user session for Rest service with basic authentication

0

I've published a Rest service with basic authentication. When I call this service from SoapUI a session is made for the user which name and password are sent from SoapUI. Directly after returning the response, the session in Mendix is removed. When I call a lot of services directly after eacht other, a Mendix session is being made for each call. In SoapUI I see that the same session is being used. Is there a possibillity to maintain the session in Mendix for a given amount of time, instead of creating en deleting a session for eacht call? I am afraid that in the production environment the overhead of creating the user sessions will be to large when the consumer calls many services in a short time...

asked 2016-09-14

Diederik Wentink

1 answers

Jaap Pulleman · Accepted Answer · 2016-09-26

This would require some changes to the REST services module.

In the javasource/restservices/publish/RestServiceHandler.java action there is a function called "processRequest" which ends with a "finally" statement in which the function rsr.dispose() is called.

This function performs a Core.logout action. If you remove the rsr.dispose() call the Logout would not be executed and the Session timeout should be used to clean up the session. If you only use a few users to consume the web service this could be worth considering, however if many different users consume this web service it might cause a lot of idle sessions in your application. And since objects with a reference to a session cannot be garbage collected this might have a detrimental effect on the application's memory usage.

You can change the default session timeout (10 minutes) by changing the custom setting: "SessionTimeout"