Rest - Monitoring active users (Licensing vs Session Authentication)

license
rest
authentication

(Nicholas Whitall) #1

Hi guys, at a high level epicor licenses control how many available slots there are. When you login to the default user the session is created and the available slot is decreased.

Looking at the rest service I can connect to the rest help page, which prompts me for a login which you then enter your credentials. This to me does not appear to create a session and therefore does not take a slot on the license table?

My question is their a way to monitor sessions to the rest service currently? If there is no session limit to the rest service conceivably can’t a client create an application which replaces a number of high use functions and then reduce their license count and bypass the licencing limits.

Obviously this is intentional behaviour and realistically Epicor would have to go to a new pricing paradigm correct?


(Hugues Aubuchon) #2

Hello Nicholas,

Did you ever get an answer to this ? I am looking for the same information.

Thanks.


(Nicholas Whitall) #3

I haven’t got an official answer unfortunately. I did some testing myself though, no amount of tokens I obtained would change the amount of available slots.

Before obtaining a token from rest
There are 20 sessions

After obtaining token. (nothing changes)
There are 20 sessions

After logging into epicor on 2 accounts.
There are 18 sessions avaiable

Therefore it would appear that currently Epicor does not create/link a session when a REST token is obtained.

I looked into it and you could use the Ice.BO.AdminSessionSvc method to create and remove sessions in the system if you wanted. This modifies rows in the ice.SessionState table.


(Bart Elia) #4

Ahhh the great misunderstanding between authentication and licensing. I think I have a few dozen posts on this running around and assume I should write up an Experts Thesis once and for all…

First - Don’t confuse a Session and a License ‘Claim’.
They are two separate entities and concepts with only a single aspect crossing over between them…

A License Claim is someone reserving a particular license with a set timeout. What’s the timeout? Whatever is set for the User:


As long as the user connects to the server in under 480 minutes in this case, it continues its claim. It resets the claim forward another 480 minutes or whatever the setting.

So the next question is always, how do I make a claim?

When the server is called, a claim is made immediately as a part of the service call instance - GetList, GetRows, ChangeThis, etc. A license is checked for and claimed for the life of the server call. At the end of the call, poof the claim goes away and license returned to the pool after the 1 ms for a fast call or 4 hours for an MRP run. Without other factors, the single call is the life of the license claim.

But I make a bunch of calls in a users process if someone uses up licenses, I get an out of license error!(Entering a sales order makes more than a single server call obviously)

That’s where Session comes into play.
When you make the first call to the server, call SessionModSvc.Login(). It will return you a SessionID and the server will start persisting the Session State for 72 hours of non access or until the client calls ‘SessionModSvcLogOut’.

Urban legend is that 72 hours is to cover someone partially entering data on Friday and leaving work without saving so they can click ‘Save’ on Monday morning and continue like there was no time gap. This pattern is from the mid 90s in Vantage … 4? Earlier? So predates my involvement with the code base

FYI - The Login / Logout can be done for you automatically if you use the client’s Ice.Core.Session object and use that Session with Client Impl classes.

The SessionID will need to be passed to the server on every call. It’s a part of the Call Headers and has been discussed in other threads before. It allows a client to have faith in holding a license claim between calls among other needs. As long as you show up with a SessionID holding a License Claim under the time limits, you are good to go … well forever. You’ll never get the dreaded ‘out of licenses’ error.

If you just want to call the server with no session for a fast query, go ahead - just remember to deal with out of license issues on your own :slight_smile:

I hope that helps?


(Nicholas Whitall) #5

Thanks for the insight Bart! :grin: