Canvas session management


#1

Canvas seems to create multiple sessions for a single user.
For example,

  1. The user logs into Canvas and then closes the browser without logging out.
  2. The user opens the browser again and is asked to log in; however, the previous session is still active in TM1. This creates a second session for the same user.
  3. If the maximum number of sessions is set to 2, the user will no longer be able to log in to Canvas until the first session expires.

Is it possible to use localStorage to store the session id and try to re-use it later if it is still valid?


#2

Hi Andrey,

Canvas doesn’t create any sessions; users create sessions when they send a request for a TM1 resource and log in via Canvas. What may be an issue is that the sessions aren’t being closed. What you should do is have an adequate HTTPSessionTimeoutMinutes setting so that if the browser is closed without an explicit logout the sessions are removed.

It works the same way in the browser: if you execute a REST API call, something like https://localhost:8881/api/v1/Dimensions('Account'), and then close the browser, you will see the session remains until it times out.

How are you configuring the maximum sessions? Through Max Connections? I would recommend having a value larger than 2.


#3

It is set to 3 and I am not able to change this value.
Yes, it is Max Connections.

Is there a way to destroy a session on exit without clicking the logout button?


#4

Hi Andrey,

You can close a session in your controller with: $tm1Ui.applicationLogout(instance)

That will only work if you know a person is closing the browser; I think that is possible with the onbeforeunload unload event.


#5

I tried to add onbeforeunload, but the logout function inside doesn’t seem to work. If I put something else in there like console.log and make a window to pop up before closing/reloading, those functions work fine…
Any suggestions on where and how I should implement this?


#6

Hi @aeremenko,

Browsers are dropping support for these types of events (they are used for adware), so, as I said earlier in the thread, you should be using the session timeout combined with a larger max connections setting.
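
Added example, not part of the thread and not TM1 or Canvas code: a toy JavaScript model of the behaviour discussed above, where sessions abandoned by closing the browser hold a user's slots until the idle timeout removes them. The class and function names, and the rule that a session is removed once its idle time reaches the timeout, are assumptions made for illustration.

```javascript
// Toy model (constructed for illustration; not TM1 or Canvas code): a server that
// caps concurrent sessions per user and removes sessions idle past a timeout.
class SessionTable {
  constructor(maxPerUser, idleTimeoutMin) {
    this.maxPerUser = maxPerUser;
    this.idleTimeoutMin = idleTimeoutMin;
    this.sessions = new Map(); // id -> { user, lastSeen }
    this.nextId = 1;
  }
  // Remove every session whose idle time has reached the timeout (assumed rule).
  reap(now) {
    for (const [id, s] of this.sessions) {
      if (now - s.lastSeen >= this.idleTimeoutMin) this.sessions.delete(id);
    }
  }
  activeCount(user, now) {
    this.reap(now);
    let n = 0;
    for (const s of this.sessions.values()) if (s.user === user) n++;
    return n;
  }
  // Returns a new session id, or null when the user's cap is already reached.
  login(user, now) {
    if (this.activeCount(user, now) >= this.maxPerUser) return null;
    const id = this.nextId++;
    this.sessions.set(id, { user, lastSeen: now });
    return id;
  }
  // An explicit logout frees the slot immediately.
  logout(id) { return this.sessions.delete(id); }
}

// The user logs in at each minute listed in abandonedAt and closes the browser
// without logging out. Returns the first minute >= retryFrom at which a new
// login succeeds.
function firstSuccessfulLogin(maxPerUser, idleTimeoutMin, abandonedAt, retryFrom) {
  const table = new SessionTable(maxPerUser, idleTimeoutMin);
  for (const t of abandonedAt) table.login("user", t);
  for (let now = retryFrom; ; now++) {
    if (table.login("user", now) !== null) return now;
  }
}

// Constructed scenarios: two abandoned logins at minutes 0 and 5, retry from minute 6.
console.log(firstSuccessfulLogin(2, 20, [0, 5], 6)); // cap 2, 20-minute timeout
console.log(firstSuccessfulLogin(2, 60, [0, 5], 6)); // cap 2, 60-minute timeout
console.log(firstSuccessfulLogin(3, 60, [0, 5], 6)); // cap 3, 60-minute timeout
```

In this model the lockout lasts until the oldest abandoned session times out, so a shorter timeout shortens it and a cap above the number of abandoned sessions avoids it.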