Read acces for System.Session.SessionID for Admin with security level set to Production
0
Hello For our application we use an association to the SessionID to distinguish entities of the same user. This principle worked fine when we used Security level off during development. We also had an gridview for the Admin, where we could see the SessionID association and used this view to check all situations that could occur. However, when the security level is set to production, we are no longer able to see the session ID, as the Admin right for session ID can not be set to read. Why can the session ID not be read by an Admin ? The other functionality (Setting associations to session ID to distinguish properties entities for different sessions. Both the Admin as well as the User do set this association from within microflows ) still seems to be working fine, however this is hard to test properly when you cannot see the session ID association. Any suggestions on how to test/validate this ?
asked
Robert Jan Gorter
1 answers
0
Hi Robert,
Do you just need a unique identifier for each session? If so, you can create an entity that has a 1 to 1 association to your session and that has a string attribute. Then you can use the community commons RandomHash java action to set this value.
Also, don't forget to set the association to delete this entity when the session object is deleted.