Rest - Monitoring active users (Licensing vs Session Authentication)

license
authentication
rest

(Nicholas Whitall) #1

Hi guys, at a high level epicor licenses control how many available slots there are. When you login to the default user the session is created and the available slot is decreased.

Looking at the rest service I can connect to the rest help page, which prompts me for a login which you then enter your credentials. This to me does not appear to create a session and therefore does not take a slot on the license table?

My question is their a way to monitor sessions to the rest service currently? If there is no session limit to the rest service conceivably can’t a client create an application which replaces a number of high use functions and then reduce their license count and bypass the licencing limits.

Obviously this is intentional behaviour and realistically Epicor would have to go to a new pricing paradigm correct?


(Hugues Aubuchon) #2

Hello Nicholas,

Did you ever get an answer to this ? I am looking for the same information.

Thanks.


(Nicholas Whitall) #3

I haven’t got an official answer unfortunately. I did some testing myself though, no amount of tokens I obtained would change the amount of available slots.

Before obtaining a token from rest
There are 20 sessions

After obtaining token. (nothing changes)
There are 20 sessions

After logging into epicor on 2 accounts.
There are 18 sessions avaiable

Therefore it would appear that currently Epicor does not create/link a session when a REST token is obtained.

I looked into it and you could use the Ice.BO.AdminSessionSvc method to create and remove sessions in the system if you wanted. This modifies rows in the ice.SessionState table.


(Bart Elia) #4

Ahhh the great misunderstanding between authentication and licensing. I think I have a few dozen posts on this running around and assume I should write up an Experts Thesis once and for all…

First - Don’t confuse a Session and a License ‘Claim’.
They are two separate entities and concepts with only a single aspect crossing over between them…

A License Claim is someone reserving a particular license with a set timeout. What’s the timeout? Whatever is set for the User:


As long as the user connects to the server in under 480 minutes in this case, it continues its claim. It resets the claim forward another 480 minutes or whatever the setting.

So the next question is always, how do I make a claim?

When the server is called, a claim is made immediately as a part of the service call instance - GetList, GetRows, ChangeThis, etc. A license is checked for and claimed for the life of the server call. At the end of the call, poof the claim goes away and license returned to the pool after the 1 ms for a fast call or 4 hours for an MRP run. Without other factors, the single call is the life of the license claim.

But I make a bunch of calls in a users process if someone uses up licenses, I get an out of license error!(Entering a sales order makes more than a single server call obviously)

That’s where Session comes into play.
When you make the first call to the server, call SessionModSvc.Login(). It will return you a SessionID and the server will start persisting the Session State for 72 hours of non access or until the client calls ‘SessionModSvcLogOut’.

Urban legend is that 72 hours is to cover someone partially entering data on Friday and leaving work without saving so they can click ‘Save’ on Monday morning and continue like there was no time gap. This pattern is from the mid 90s in Vantage … 4? Earlier? So predates my involvement with the code base

FYI - The Login / Logout can be done for you automatically if you use the client’s Ice.Core.Session object and use that Session with Client Impl classes.

The SessionID will need to be passed to the server on every call. It’s a part of the Call Headers and has been discussed in other threads before. It allows a client to have faith in holding a license claim between calls among other needs. As long as you show up with a SessionID holding a License Claim under the time limits, you are good to go … well forever. You’ll never get the dreaded ‘out of licenses’ error.

If you just want to call the server with no session for a fast query, go ahead - just remember to deal with out of license issues on your own :slight_smile:

I hope that helps?


(Nicholas Whitall) #5

Thanks for the insight Bart! :grin:


(Aaron Moreng) #6

@Bart_Elia hey sorry to dig this one up. We recently implemented a REST integration and we also have a few new users constantly in Epicor. The REST integration runs API calls sessionless and has without issues, but with the new people consuming sessions, I am occasionally seeing a “max licenses” issue.
Is the right approach to re-write the integration to create a session? It’s hard to envision a session for this type of application…


(Chris Conn) #7

Speaking for salesmen everywhere, I am pretty certain the proper approach is buying wads of new licenses :stuck_out_tongue:


(Aaron Moreng) #8

Hah I know, guess who just hit up his CAM for more licenses?? :wink:


(Chris Conn) #9

lol


(Bart Elia) #10

The right thing would be to buy more license …
(checks to see if the sales guys have left)

Actually it depends on your needs. If you are running a few session-less and they take some time you will hold a license and block someone in a session based client and vice versa as explained above. If you grab a session for an integration, you will protect the integration and force the ‘out of session’ issues onto other users such as those using the full desktop.

It’s up to you. It’s a pain - not MSFT OS or SQL Server (let alone Oracle) licensing bad but the licensing world in the tech industry is not always the easiest. You can try the session based and see how it goes.

Also, in … 10.2.200? 300? we introduced a new trace - ice/license ? (check your appserver.config.template). It is trimmed just to monitoring license counts and is not verbose as the old trace for ice/Session which had a lot of info. You can turn that on and monitor sessions for a day or two and see your activity.