Single Logon Token creates two Active Logons

aseem.sharma · August 8, 2019, 5:14pm

We have integrated our existing application(.Net) with Dundas API’s where we are dynamically creating the users and Tenants in Dundas. We are displaying dundas dashboards under multiple modules in application and for the same we have initialized the following 3 values at the time of Login.

DundasAdminSessionID
DundasLocalUserSessionID
DundasLocalUserLogonToken

What I found that the single LogOn Token is creating 2 Active Sessions when checking the same from the Dundas. Is that is the expected behavior?

jeff · August 8, 2019, 5:51pm

Hi Aseem,

Based on your description, what you are seeing is correct but there is one thing that is a bit confusing. It sounds like you are programmatically generating both a login session and a logon token. If this is the case, you don’t need to do this.

First, generate a logon token and give that token to the user to login. By doing this, they will be given a sessionID for the application automatically, you don’t need to generate this. Think of the logon token as a one time pass to get into the application. Once the logon token is used, that’s it - you’ll have to generate a new one to allow another logon for the user.

If you are generating both a sessionID and then a logon token, it would explain the extra sessions you are seeing.

aseem.sharma · August 12, 2019, 1:38pm

Hi Jeff,

Thanks for your explanation. I agree, it works fine then. Could you please suggest me an API through which I can fetch the SessionID of an Account by passing the Account ID as a parameter? I haven’t found any.
Once user Logins to Dundas I need the SessionID of the User to check if the session not valid then generate a new LogOn Token.

Thanks & Regards
Aseem

aseem.sharma · August 12, 2019, 5:52pm

Hi Jeff,
Could you please suggest me an API through which I can fetch the SessionID of an Account by passing the Account ID as a parameter?? I haven’t found any.

Thanks

jeff · August 12, 2019, 6:27pm

Hi Aseem,

I think an adjustment in your approach is probably best as there is no such API. Typically, you don’t want to generate and store sessionIDs and it’s better just to have sessions managed between the user and the Dundas BI application automatically through a logon tokens.

The best practice is to redirect the user your own custom login page if the session expires and needs a new login is needed. To do this, you can use an option in the config to change the page that Dundas BI redirects the user to if their session becomes invalid. Just use this config to pass the user back to your application and use a logon token to re-authenticate them as needed.

https://www.dundas.com/support/learning/documentation/administration/set-up-a-custom-logon-url

aseem.sharma · September 5, 2019, 2:20pm

Hi Jeff,
Thanks a lot for the explanation and will try something in the same manner. Setting up a custom Logon URL is really a helpful thing.