MicroStrategy ONE

Session Creation

A session is created on MicroStrategy Intelligence Server whenever a user is successfully authenticated in a MicroStrategy Web product. Successful authentication allows access to MicroStrategy Web functionality and interaction with the metadata and warehouse data. Authentication is performed by Intelligence Server, rather than by MicroStrategy Web.

A session is the context of an active user within the MicroStrategy system and is used to verify the user’s permissions and privileges. An open session consumes and remains in memory on Intelligence Server until the user exits the system by logging out or until the session times out due to inactivity. Every open session in Intelligence Server is uniquely identified by a 32-byte GUID, referred to as the session ID. When a user successfully logs in to Intelligence Server from MicroStrategy Web, Intelligence Server creates and stores the session state and the associated session ID (which identifies the session state) and returns the session state to the Web client. Every subsequent request issued from the Web client on behalf of this user includes the user's session state, which is used by Intelligence Server to determine whether the user has already been authenticated. By passing the session state, MicroStrategy Web does not have to re-authenticate the user as it continues to receive requests from the same user.

In a custom application or when a custom authentication procedure is used instead of the default MicroStrategy Web authentication process, the custom implementation must manage the request for and the persistence of a valid MicroStrategy session state, whether the persistence is accomplished using HTML form parameters, cookies, or through the Web server's session variables. The custom implementation must also manage the closing of MicroStrategy sessions when a user logs out so that session resources are released. For a detailed explanation of how to create and manage a session, refer to Customizing the External Security Module. The example provided with this topic, Creating a Session, provides a code sample for creating a session and setting the necessary preferences. This code sample— SessionManagementSample.java— is provided in the samples/java/webobjects subfolder in the MicroStrategy SDK installation.

When you create a session, you must set all of the required preferences on the session, such as working set size and search working set size. Failure to do so may result in error messages or unexpected behavior.

Session Management

When a user logs into Intelligence Server, Intelligence Server establishes a session, generates and stores a session ID, and returns the session state to the user so that it can be used in subsequent requests to prove to Intelligence Server that the user has been previously authenticated. Based on this session state and its associated session ID, Intelligence Server is aware of every aspect of this user’s session— that is, who the user is, the project to which he is logged in, and so on.

The Intelligence Server Session ID is at the core of the identification of whether or not a user has been authenticated by MicroStrategy Intelligence Server to be able to use the MicroStrategy system. There is, however, no direct way to access most of this project information from the Web API through the Session ID— that is, you cannot give the Web API a Session ID and retrieve the name of the user or project, for example, that are associated with that Session ID. A layered structure of Web API objects (in the Web Objects layer) act as wrappers to this Session ID and provide access to different aspects of Intelligence Server session information.

The WebSessionInfo and WebIServerSession objects were created to store a Session ID and provide direct access to session properties directly from the Web application.

  • WebSessionInfo— Stores generic properties such as the Session ID that forms the core of this definition, as well as the associated user name and password.  

  • WebIServerSession— Stores Intelligence Server-specific properties such as the MicroStrategy Intelligence Server name and port used to connect, as well as the project name. For details on this object, refer to the API Reference.