Siebel Web Service session management
Using sessions can improve the performance of web service calls because the session is kept open for subsequent requests. There is no need to log in and log off for each request.
There are 4 different session types:
* None: A new session is opened for each request and then closed after a response is sent out. This is the default.
* Stateless: A new session is opened for an initial request and the session remains open for subsequent requests. Relogin occurs automatically (transparent to the user) if the session is closed.
* Stateful: A new, dedicated session is opened for an initial request and the session remains open for subsequent requests. Relogin does not occur automatically if the session is closed.
To enable session management, you need to change the following:
1) Add "&WSSOAP=1" to the URL and remove the "UserName" and "Password" arguments from it, as shown below:
Original URL:
http://mywebserver/eai_enu/start.swe?SWEExtSource=WebService&SWEExtCmd=Execute&UserName=SADMIN&Password=SADMIN
Changed URL:
http://mywebserver/eai_enu/start.swe?SWEExtSource=WebService&SWEExtCmd=Execute&WSSOAP=1
2) Set the Web Service Port’s Operation’s Authentication to "None".
3) Add the Session Management and Authentication Header to the SOAP request.
This is the header where you send either the UsernameToken, PasswordText and SessionType, or the SessionToken and SessionType.
The UsernameToken and PasswordText must be sent only when the SessionType is None or when you are creating a new session.
After a session is opened, a SessionToken is returned in Siebel’s successful response. This SessionToken must be used along with the SessionType on subsequent requests, and the UsernameToken and PasswordText must be removed from the header.
See the examples below for the different session types:
SessionType = None
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <UsernameToken xmlns="http://siebel.com/webservices">EAIUSER</UsernameToken>
    <PasswordText xmlns="http://siebel.com/webservices">EAIUSER</PasswordText>
    <SessionType xmlns="http://siebel.com/webservices">None</SessionType>
  </soap:Header>
  <soap:Body>
    <!-- data goes here -->
  </soap:Body>
</soap:Envelope>
SessionType = Stateless OR Stateful
Initial Request:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <UsernameToken xmlns="http://siebel.com/webservices">EAIUSER</UsernameToken>
    <PasswordText xmlns="http://siebel.com/webservices">EAIUSER</PasswordText>
    <SessionType xmlns="http://siebel.com/webservices">Stateless</SessionType>
  </soap:Header>
  <soap:Body>
    <!-- data goes here -->
  </soap:Body>
</soap:Envelope>
Response:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <siebel-header:SessionToken xmlns:siebel-header="http://siebel.com/webservices">ugvfdpiuhw345074gbjng945ht894nhjbn49258ut24tignwfn4985ht4ugn</siebel-header:SessionToken>
  </soap:Header>
  <soap:Body>
    <!-- data goes here -->
  </soap:Body>
</soap:Envelope>
Subsequent Request:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <SessionType xmlns="http://siebel.com/webservices">Stateless</SessionType>
    <SessionToken xmlns="http://siebel.com/webservices">ugvfdpiuhw345074gbjng945ht894nhjbn49258ut24tignwfn4985ht4ugn</SessionToken>
  </soap:Header>
  <soap:Body>
    <!-- data goes here -->
  </soap:Body>
</soap:Envelope>
Note 1: When using sessions, a SessionToken will be returned on every successful response from Siebel. This SessionToken will change after every request and the latest SessionToken must always be used on the next request.
Note 2: The SessionType used with the SessionToken must be the same as in the request that opened the session; otherwise it may lead to unexpected results.
Note 3: The Session Management and Authentication Header is not the same as WS-Security, and the two cannot be used together.
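The header rules above (credentials only when opening a session, then the latest SessionToken on every following request) can be sketched as a small client-side helper. This is an added example, not code from the original post or from Siebel; the class and function names are hypothetical, the sample response is constructed, and clearing the token when a response carries none is an assumption about how a client should recover.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SIEBEL = "http://siebel.com/webservices"


class SessionHeaders:
    """Hypothetical helper: tracks the rotating SessionToken of one session."""

    def __init__(self, username, password, session_type="Stateless"):
        self._user, self._pw = username, password
        self.session_type = session_type  # "None", "Stateless" or "Stateful"
        self.token = None  # latest SessionToken returned by the server

    def build_envelope(self):
        """Return a request envelope (empty Body) with the right header."""
        env = ET.Element(f"{{{SOAP}}}Envelope")
        header = ET.SubElement(env, f"{{{SOAP}}}Header")
        if self.token is None or self.session_type == "None":
            # Opening a session, or SessionType None: send credentials.
            fields = dict(UsernameToken=self._user, PasswordText=self._pw)
        else:
            # Session already open: latest token only, no credentials.
            fields = dict(SessionToken=self.token)
        fields["SessionType"] = self.session_type
        for name, value in fields.items():
            ET.SubElement(header, f"{{{SIEBEL}}}{name}").text = value
        ET.SubElement(env, f"{{{SOAP}}}Body")
        return ET.tostring(env, encoding="unicode")

    def absorb_response(self, response_xml):
        """Store the token from a response; forget it if none came back."""
        root = ET.fromstring(response_xml)
        node = root.find(f"{{{SOAP}}}Header/{{{SIEBEL}}}SessionToken")
        text = (node.text or "").strip() if node is not None else ""
        self.token = text or None
        return self.token


def header_fields(envelope_xml):
    """Local names of the header elements in an envelope, in order."""
    header = ET.fromstring(envelope_xml).find(f"{{{SOAP}}}Header")
    return [child.tag.split("}")[1] for child in header]


def constructed_response(token):
    return (f'<soap:Envelope xmlns:soap="{SOAP}"><soap:Header>'
            f'<h:SessionToken xmlns:h="{SIEBEL}">{token}</h:SessionToken>'
            f'</soap:Header><soap:Body/></soap:Envelope>')
```

Call `absorb_response` on every reply before building the next request, so that a stale token is never replayed.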
There are three types of timeouts that affect the Web Service sessions:
* SessionTimeout (in seconds): The total number of minutes a session can remain inactive before the user is logged out and the session is closed.
* SessionTokenTimeout (in minutes): The Siebel Web Server Extension (SWSE) rejects the session token if the token is inactive for more than the SessionTokenTimeout value. Whenever the token is used, this value is refreshed.
* SessionTokenMaxAge (in minutes): The SessionTokenMaxAge parameter will make the SWSE reject the token if it has been used for more than the SessionTokenMaxAge value. This is different from the SessionTokenTimeout because it does not refresh every time the token is used.
It is advisable to set the values in the following manner:
SessionTimeout <= SessionTokenTimeout <= SessionTokenMaxAge
This is due to the following:
a) If the SessionTokenTimeout times out before the SessionTimeout, an error about the token having timed out will be generated and a new session will need to be opened. However, the old session will still be active, so it will be wasting resources, as the token that uses it will not be valid anymore.
In certain situations it is possible that all tasks are opened due to the situation above, and thus errors about no more sessions being available on the EAI Object Manager can happen.
When the SessionTokenTimeout has the same or a bigger value than the SessionTimeout, the above situation will not happen, and while the SessionTokenTimeout is still valid, a relogin can occur (if the Stateless SessionType is used) or a new session can be explicitly opened without wasting resources.
b) The SessionToken has a maximum time to live controlled by the SessionTokenMaxAge. If the SessionTokenTimeout is set to a bigger value than SessionTokenMaxAge, that token will be invalidated, even though it has not timed out yet.
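Because the three parameters do not share a unit, the advised ordering is easy to get wrong when comparing raw numbers. The check below is an added example, not part of the original post: it assumes the units given in the parameter labels above (SessionTimeout in seconds, the two token parameters in minutes), and the INI-style layout, section name and sample values are constructed for illustration.

```python
import configparser

# Constructed sample; the section name and INI layout are assumptions.
SAMPLE_CFG = """
[/eai_enu]
SessionTimeout = 900
SessionTokenTimeout = 10
SessionTokenMaxAge = 2880
"""

MINUTE = 60


def check_timeouts(cfg_text, section):
    """Return (case, message) findings; an empty list means the order holds."""
    parser = configparser.ConfigParser()
    parser.optionxform = str  # keep parameter names case-sensitive
    parser.read_string(cfg_text)
    values = {}
    for name in ("SessionTimeout", "SessionTokenTimeout", "SessionTokenMaxAge"):
        raw = parser.get(section, name, fallback=None)
        if raw is None or not raw.strip().isdigit():
            raise ValueError(f"{name} missing or not a whole number in [{section}]")
        values[name] = int(raw)

    # Normalise everything to seconds before comparing.
    session_s = values["SessionTimeout"]
    idle_s = values["SessionTokenTimeout"] * MINUTE
    max_age_s = values["SessionTokenMaxAge"] * MINUTE

    findings = []
    if idle_s < session_s:
        # Case a) above: the token dies first and the session lingers.
        findings.append(("a", f"token idles out after {idle_s}s but the session "
                              f"lives {session_s}s: each expired token strands "
                              f"a session for {session_s - idle_s}s"))
    if max_age_s < idle_s:
        # Case b) above: the hard age limit undercuts the idle timeout.
        findings.append(("b", f"SessionTokenMaxAge ({max_age_s}s) is below "
                              f"SessionTokenTimeout ({idle_s}s): tokens are "
                              f"rejected before they idle out"))
    return findings
```

With the sample values, 10 looks compatible with 2880 but is only 600 seconds against a 900-second session, so the check reports case a).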