I am trying to implement the way to store session data as explained in KB article TEC529299, option #2.
Specifically, I want to store a value in the session store in the custom authentication scheme and read it from the session store in the active expression.
The problem is that any session-related call in the authentication scheme fails (including the getSession(), getStatus() and setVariable() functions).
The same calls work fine in the active expression.
In the logs we see:
[3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR] CSmSessionServer::GetSession() - Provider::GetSession() failed. Error code : 2
[3768/3380][Mon Dec 13 2010 15:13:26][SmSSInDBStore.cpp:972][INFO] CSmSSInDBStore::DoGetStatus() - failed with code - 1001
[3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR] CSmSessionServer::GetStatus() - Provider::GetStatus() failed. Error code : 2
[3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR] CSmSessionServer::SetVariable() - Provider::SetVariable() failed. Error code: 2
It looks like the session does not yet exist during the scheme invocation.
- User context is already established in the authentication scheme.
- Session IDs are the same in both places (scheme and expression).
During the Authentication phase:
First, the user session ID is generated and stored in memory only. Then the response list (Authentication Responses) is processed. That is why a GetStatus() call made while the response list is being processed returns false: the persistent session has not yet been created and stored in the DB. Only the session ID has been created, and it is still held only in memory.
After processing the responses, we create the persistent session and store it in the database.
Because no session is stored in the database while the responses are being processed, session variables cannot be created or stored in a Response during this time.
During the Authorization phase:
The persistent session has already been created and stored in the database. That is why getStatus() returns true at authorization time. Session variables can be created and stored at this point because the session is available in the DB.
This behavior of the Policy Server, processing the response list before creating the persistent session in the database, is by design.
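
A triage helper for the log excerpt above, added here as an example (it is not part of the original article or of the product): it parses the Policy Server log line layout shown on this page and groups the failed session calls by process, thread and timestamp, so that calls failing together in one invocation stand out. The function names and the grouping key are assumptions of this example.

```python
import re
from collections import defaultdict

# Log lines copied from the excerpt on this page.
SAMPLE_LOG = """\
[3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR] CSmSessionServer::GetSession() - Provider::GetSession() failed. Error code : 2
[3768/3380][Mon Dec 13 2010 15:13:26][SmSSInDBStore.cpp:972][INFO] CSmSSInDBStore::DoGetStatus() - failed with code - 1001
[3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR] CSmSessionServer::GetStatus() - Provider::GetStatus() failed. Error code : 2
[3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR] CSmSessionServer::SetVariable() - Provider::SetVariable() failed. Error code: 2
"""

# Layout seen above: [pid/tid][timestamp][source.cpp:line][LEVEL] message
LINE_RE = re.compile(
    r"^\[(?P<pid>\d+)/(?P<tid>\d+)\]\[(?P<ts>[^\]]+)\]"
    r"\[(?P<src>[^\]:]+):(?P<srcline>\d+)\]\[(?P<level>[A-Z]+)\]\s*(?P<msg>.*)$")
# Matches "Error code : 2", "Error code: 2" and "failed with code - 1001".
FAIL_RE = re.compile(
    r"^(?P<cls>\w+)::(?P<op>\w+)\(\)\s*-\s*.*?failed.*?code\s*[:-]\s*(?P<code>\d+)")

def parse_failures(text):
    """Return one dict per log line that reports a failed call with a code."""
    failures = []
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        fail = line and FAIL_RE.match(line["msg"])
        if not fail:
            continue  # not in the expected layout, or not a failure message
        failures.append({
            "pid": int(line["pid"]), "tid": int(line["tid"]), "ts": line["ts"],
            "level": line["level"], "cls": fail["cls"], "op": fail["op"],
            "code": int(fail["code"]),
        })
    return failures

def group_by_invocation(failures):
    """Group failures by (pid, tid, timestamp); this key is an assumption."""
    groups = defaultdict(list)
    for f in failures:
        key = (f["pid"], f["tid"], f["ts"])
        groups[key].append(f"{f['cls']}::{f['op']}={f['code']}")
    return dict(groups)

def failed_session_server_ops(failures):
    """Names of the CSmSessionServer operations that failed, sorted."""
    return sorted({f["op"] for f in failures if f["cls"] == "CSmSessionServer"})

if __name__ == "__main__":
    for key, calls in group_by_invocation(parse_failures(SAMPLE_LOG)).items():
        print(key, calls)
```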