Blueriq Session management

External Flow Session Lifecycle is different than the usual Session Lifecycle, de deviation occurs in the parent child relation of sessions when created by a AQ_StartProject, or the AQ_Dashboard_Widgets. These services and containers start a session as a nested child session of the main session.

In the image above we have two different styles of session management: 

• Application X uses a AQ_Dashboard_Widget
• Application Y uses a External Flow

In Application X "Session A-1" is a nested child session of "Session A" due to the nature of how AQ_Dashboard_Widgets work.

In Application Y we have two Runtimes (A and B), "Session A" starts an External flow on Runtime B creating "Session B". The image depicts that "Session B" is a child of "Session A" however there are only linked together by a reference. This difference is crusial in how the sessions are managed.

Session cleanup

The session cleanup for Application X and Y differ from eachother as they both use different techniques to create and management sessions.

AQ_Dashboard_Widgets

The AQ_Dashboard_Widgets create a nested session in the current session, when looking at "Application X" this noticeable as "Session A-1" is a child session of "Session A". Direct nested sessions are cleaned up when the its parent session is closed or removed. For External Flow session this is not directly the case. 

External Flow

In "Application Y" the External Flow is used to start "Session B" from "Session A", there is a reference from "Session A" to "Session B" but it is not tightly coupled as for the sessions in "Application X". The sessions in "Application Y" should be managed as seperate sessions and therefore must be disposed of individually. Runtime A is not able to dispose of sessions on a different Runtime, even if the External Flow is configured on the same Runtime. 

Session Lifecycle

In order to understand how External Flow Session Lifecycle works, we need to know how the usual Session Lifecycle work.

In a typical flow a user start the application and it gains a HTTP session and a Blueriq session, the application is displayed and the user will perform its task. Once the user is done, the application is closed and the Blueriq session including its child sessions are closed. Afterwards the HTTP session is closed and everything is disposed of. This is the flow where the user closes their application and Blueriq is notified of the closure. 

Session expiration

Sessions can expire once the user becomes inactive, or closes the application without notifying the Runtime.

The Application Server and the Runtime have a Session Timer inplace that checks if a session has become expired due to inactivity, once a session has become inactive the usual session lifecycle kicks in and will dispose of the user's resources. 

External Flow Session Lifecycle

External Flow can be run on different Runtime servers and therefor the session lifecycle can be distributed over one or more Runtime. 

The initial part of the External Flow Lifecycle is the same as the traditional Session Lifecycle, a HTTP session and Blueriq session are created for the application on the Blue Runtime. The Blueriq Runtime will initialize the External Flow to build a weak reference to the External Flow Session in the Green Runtime This weak reference is required for when sessions are not cleaned up properly. The External Flow is started in the Green Runtime and a new HTTP session and Blueriq session is created with a reference to Blueriq Runtime session.

Once the External Flow has ended the Blue Runtime will be notified and continues the application, at this point the External Flow resource can be disposed on the Green Runtime ending the External Flow Lifecycle. 

External Flow Session expiration

External sessions are created when different runtimes start an external flow on the current runtime. The external sessions are closed when the http session has expired or it was idle. When the user logs out from the host project or the host session simply expired, the external session has no knowledge of that and will remain open even if not used.

Both Runtimes have a session which checks if the session is expired, the External Flow Session has an additional responsibility of notifying that the session has been closed. By doing so other External Flow Sessions can be notified that the parent session has been closed and no further actions should be performed.

To mitigate the problem that sessions are reachable when no other actions can be performed on the session, a mechanism was introduced that stores information about the host session, and the target runtime will check for all of its host sessions if any of them are closed or are still opened. Every time it finds one that was closed, then it will also close the external sessions that were created by that host session.

Session Timeout

Sessions will expired once there is no interactions between the user and the session. For external sessions to work smoothly, without running into unexpected 'Session Expired' problems, the session timeout on the External Flow Server should atleast have the same time-to-live as the Host Server. When the session time-out is shorter on the External Flow Server it is possible you will run into 'Session Expired' errors.

Configuration

Session timeout can be configured by configuring the following properties, when no configuration is provided the default will be set to 30 minutes.

spring.session.timeout=15m

 server.servlet.session.timeout=30m