endpoint handler are executed
Implements EventEmitter and will emit login event each time user logged in
or loginFailed event whith 2 parameters(userID, isLocked) when user UB authentification failed by wrong password
- Mixes In:
Members
id: Number
static
readonly
Current session identifier. === 0 if session not started, ===1 in case authentication not used, >1 in case user authorized
userID: Number
static
readonly
Logged-in user identifier (from uba_user.ID). Undefined if Session.id is 0 or 1 (no authentication running)
userRoles: String
static
readonly
Logged-in user role IDs in CSV format. ==="" if no authentication running
userRoleNames: String
static
readonly
Logged-in user role names in CSV format. ==="" if no authentication running
userLang: String
static
readonly
Logged-in user language. ==="" if no authentication running
uData: Object
static
readonly
Custom properties, defined in Session.on('login') handlers for logged-in user.
Starting from UB 1.9.13 this is a JavaScript object (before is {TubList} ).
If modified inside Session.on('login'), value of this object is persisted into global server Sessions (via JSON.stringify)
and restored for each call (via JSON.parse).
Never override it using Session.uData = {...}, in this case you delete uData properties, defined in other application models.
Instead define or remove properties using Session.uData.myProperty = ... or delete Session.uData.myProperty;
We strongly recommend to not modify value of uData outside the Session.on('login') handler.
Such modification is not persisted between calls.
callerIP: String
static
readonly
IP address of a user. May differ from IP address current user login from. May be empty if request come from localhost.
Methods
setUser(userID, secretopt) → String
static
Create new session for userID
Arguments:
-
userID (Number) ID of user
-
[secret] (String) secret word. If defined then session secretWord is JSON.parse(returns).result+secret
- Deprecated:
- use runAsUser instead this
runAsAdmin(call) → *
static
Call function as admin.
Built-in "always alive"(newer expired) admin session is always created when the application starts,
so this is very cheap method - it will not trigger Session.login event every time context is switched (Session.setUser and Session.runAsUser does)
Can be used in scheduled tasks, not-authorized methods, etc. to obtain a admin Session context
Arguments:
-
call (function) Function to be called in admin context
runAsUser(userID, call) → *
static
Call function as custom user.
New session will be created. Will fire login event.
Arguments:
-
userID ID of user
-
call Function to be called in user's session.
Session.on('login') handlers for logged-in user.
Starting from UB 1.9.13 this is a JavaScript object (before is {TubList} ).
If modified inside Session.on('login'), value of this object is persisted into global server Sessions (via JSON.stringify) and restored for each call (via JSON.parse).
Never override it using Session.uData = {...}, in this case you delete uData properties, defined in other application models.
Instead define or remove properties using Session.uData.myProperty = ... or delete Session.uData.myProperty;
We strongly recommend to not modify value of uData outside the Session.on('login') handler.
Such modification is not persisted between calls.
setUser(userID, secretopt) → String static
Arguments:
-
userID(Number)ID of user -
[secret](String)secret word. If defined then session secretWord isJSON.parse(returns).result+secret
- Deprecated:
- use runAsUser instead this
runAsAdmin(call) → * static
admin session is always created when the application starts,
so this is very cheap method - it will not trigger Session.login event every time context is switched (Session.setUser and Session.runAsUser does)
Can be used in scheduled tasks, not-authorized methods, etc. to obtain a admin Session context
Arguments:
-
call(function)Function to be called in admin context
runAsUser(userID, call) → * static
login event.
Arguments:
-
userIDID of user -
callFunction to be called in user's session.