User session tokens in Arnica UnifiedLogon

December 19, 2017 by Igor Lozhkin
Arnica UnifiedLogon user session management relies on a set of tokens and other user session properties to manage and secure the user session life cycle. This article summarizes the various user session properties and their meaning.

A user session is split into two parts: a global user session and an application user session.

Global user session properties are the following:
  • UserSessionID - session system identifier. Not exposed to client workflows.
  • UserID - user system identifier. Not exposed to client workflows.
  • SessionToken - session identifier, which is exposed to all user workflows. SessionToken is usually immutable during the session life cycle, but can be changed in special cases.
  • StartDate - date when the global user session was created.
  • FinishDate - anticipated date when the session will expire. This date is calculated from the session's last validation date and timeout.
  • RenewalDate - date when the session was renewed after it expired.
  • ValidationDate - date when the session was last validated from activity in any application.
  • IsSessionForcedToExpire - bit, which controls whether the session was forced to expire before its scheduled expiration date, usually by an administrator.
  • SessionSignature - token, which accompanies the SessionToken but does not identify the session. This token is useful when, for example, the SessionToken is sent via a query string parameter, while the SessionSignature is maintained via a cookie.
  • SessionValidationCode - token, which may be used one time. An invalid value of this token supplied from the client forces the session to expire immediately.
  • SessionValidationCodeStartDate - date and time after which the SessionValidationCode must be validated with the next session validation.
  • SessionValidationCodeFinishDate - date and time before which the SessionValidationCode must be validated with the next session validation.
  • SessionKey - token usually used as a session-specific encryption key.
  • RefreshToken - token, which may optionally be used to renew an expired session. Usually used with the OAuth2 workflow.
  • RefreshTokenFinishDate - last date and time when the RefreshToken may be used to renew an expired session. Usually used with the OAuth2 workflow.

In Arnica UnifiedLogon, session activity is performed in the context of an application. The global user session is engaged for every user activity, while the application user session is engaged only for activity within a specific application.

Application user session properties are the following:
  • ApplicationUserSessionID - application user session system identifier. Not exposed to client workflows.
  • UserSessionID - global user session system identifier to which the application user session belongs. Not exposed to client workflows.
  • ApplicationID - application system identifier. Not exposed to client workflows.
  • StartDate - date when the application user session was created.
  • FinishDate - anticipated date when the application user session will expire. This date is calculated from the session's last validation date and timeout.
  • RenewalDate - date when the session was renewed after it expired.
  • ValidationDate - date when the session was last validated from activity in the context of the application.
  • IsSessionForcedToExpire - bit, which controls whether the application user session was forced to expire before its scheduled expiration date, usually by an administrator.
  • SessionValidationCode - token, which may be used one time. An invalid value of this token supplied from the client forces the application session to expire immediately.
  • SessionValidationCodeStartDate - date and time after which the application SessionValidationCode must be validated with the next session validation in the context of the application.
  • SessionValidationCodeFinishDate - date and time before which the application SessionValidationCode must be validated with the next session validation in the context of the application.
  • DeviceCode1 - identifier of the device from which the application user session was created.
  • DeviceCode2 - identifier of the device from which the application user session was last validated.
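As an added illustration (not Arnica code), the following Python models the global-session validation rules described above: the SessionToken and SessionSignature must both match, a forced or expired session is rejected, a pending SessionValidationCode must be presented inside its start/finish window and is cleared after one use, and a successful validation records the ValidationDate and slides the FinishDate forward. The timeout value, the field names, and the treatment of a code whose window was missed are assumptions; the application session would apply the same rules per application.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

SESSION_TIMEOUT = timedelta(minutes=20)          # assumed timeout value
T0 = datetime(2017, 12, 19, 10, 0)               # constructed reference time

@dataclass
class GlobalSession:
    session_token: str              # SessionToken, exposed to client workflows
    session_signature: str          # SessionSignature, e.g. kept in a cookie
    validation_date: datetime       # ValidationDate
    finish_date: datetime           # FinishDate = last validation + timeout
    is_forced_to_expire: bool = False
    validation_code: Optional[str] = None       # pending one-time code
    code_start: Optional[datetime] = None       # SessionValidationCodeStartDate
    code_finish: Optional[datetime] = None      # SessionValidationCodeFinishDate

def new_session(now: datetime) -> GlobalSession:
    return GlobalSession(secrets.token_urlsafe(32), secrets.token_urlsafe(32),
                         now, now + SESSION_TIMEOUT)

def validate_session(s: GlobalSession, token: str, signature: str,
                     code: Optional[str], now: datetime):
    """One session validation: returns (ok, reason) and updates the record."""
    # Both tokens must match; compare in constant time to avoid timing leaks.
    if not (secrets.compare_digest(token or "", s.session_token)
            and secrets.compare_digest(signature or "", s.session_signature)):
        return False, "token or signature mismatch"
    if s.is_forced_to_expire:
        return False, "forced to expire"
    if now > s.finish_date:
        return False, "expired"   # renewal via RefreshToken is a separate path
    if s.validation_code is not None and now >= s.code_start:  # dates set together
        # Assumption: a code missing or presented after its finish date is
        # handled like an invalid one, so the session is forced to expire.
        if (now > s.code_finish or code is None
                or not secrets.compare_digest(code, s.validation_code)):
            s.is_forced_to_expire = True
            return False, "invalid validation code"
        s.validation_code = s.code_start = s.code_finish = None  # used once
    s.validation_date = now
    s.finish_date = now + SESSION_TIMEOUT        # FinishDate slides forward
    return True, "ok"
```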

Using both global and application user session properties provides more flexibility and makes it possible to build various SSO solutions and workflows.