Session Key Authentication

All the APIs require authentication. Once authenticated, you are provided a session key. Nearly all methods require a session key as the first parameter. For the JSON/RPC API, you call this method to begin:

	 * Authenticate user
	 * @param login    user's username
	 * @param password user's password
	 * @return session key if authentication is successful, "-1" if authentication fails for any reason
	 * @module User
	 * @usertype None
	public String authenticate(String login, String password) { ... }


Session Keys are generally valid for 30 minutes of inactivity; though, their duration is configurable. Furthermore, the duration of a session key is extended as it is used. If you want to extend the duration of a session key, then you can "tickle" it by invoking the following:

FlexClient client = new FlexClient(url);
String tickleTime = (new Date()).toString();
LabelValueBean bean = new LabelValueBean();
client.setUserPreference(sessionKey, bean);

Please note: that this example is being illustrated with the Java API components (FlexClient, et al). However, the underlying call is available in the JSON/RPC API, and the approach (and data) are the same. Here's the setUserPreference() call:

	 * Set a user preference value in the database
	 * @param sessionKey user's session key
	 * @param bean       key/value pair with the user preference name / value
	 * @return <code>true</code> if successful, <code>false</code> otherwise
	 * @module User
	 * @usertype None
	public boolean setUserPreference(String sessionKey, LabelValueBean bean) { ... }

Please use the "TickleTime" preference name; this is a reserved word in NetX's preference system.

Session key-related properties

Property Description

This is used in conjunction with Hydra. Setting this to true will allow sessionKeys to be shared between Hydra nodes.

Please note: be aware this does not transfer session attributes between nodes.

Value options: true, false

Restart required: Yes


This property controls the length of time in minutes that the internal session keys remain valid. Please only change this value if you know what you are doing as it can affect the security of your installation. The default timeout is 30 minutes. Note: setting this value to 0 will result in the default timeout value of 30 min.

Value options: 1 - 35791

Requires restart: Yes


This is based on RPC calls, but this ignores calls to setUserPreference() (which is used to tickle the session). So if this set to a number (in minutes), and there is no RPC activity, then the user will be prompted to keep the session active. If there is no response, the session will be expired 1 minute later. This defaults to 1 hour (60).

Value options: number

Restart required: No


By default, the UI "tickles" the session to keep it alive (every ten minutes); if user.sessionInactivityTimeout is set to zero, then the UI will have a session indefinitely. Conversely, if this is set to true, then sessions will expire based on the value of user.sessionInactivityTimeout, regardless of user activity.

Value options: true, false

Restart required: Yes

Was this article helpful?
0 out of 1 found this helpful