All the APIs require authentication. Once authenticated, you are provided a session key. Nearly all methods require a session key as the first parameter. For the JSON/RPC API, you call this method to begin:

	/**
	 * Authenticate user
	 *
	 * @param login    user's username
	 * @param password user's password
	 * @return session key if authentication is successful, "-1" if authentication fails for any reason
	 * @module User
	 * @usertype None
	 */
	public String authenticate(String login, String password) { ... }

CODE

Duration

Session Keys are generally valid for 30 minutes of inactivity; though, their duration is configurable. Furthermore, the duration of a session key is extended as it is used. If you want to extend the duration of a session key, then you can "tickle" it by invoking the following:

FlexClient client = new FlexClient(url);
String tickleTime = (new Date()).toString();
LabelValueBean bean = new LabelValueBean();
bean.setLabel("TickleTime");
bean.setValue(tickleTime);
client.setUserPreference(sessionKey, bean);
CODE

Please note: that this example is being illustrated with the Java API components (FlexClient, et al). However, the underlying call is available in the JSON/RPC API, and the approach (and data) are the same. Here's the setUserPreference() call:

	/**
	 * Set a user preference value in the database
	 *
	 * @param sessionKey user's session key
	 * @param bean       key/value pair with the user preference name / value
	 * @return <code>true</code> if successful, <code>false</code> otherwise
	 * @module User
	 * @usertype None
	 */
	public boolean setUserPreference(String sessionKey, LabelValueBean bean) { ... }
CODE

Please use the "TickleTime" preference name; this is a reserved word in NetX's preference system.

Session key related properties

PropertyDescriptionDefault
user.sessionDuration

This property controls the length of time in minutes that the internal session keys remain valid. Please only change this value if you know what you are doing as it can affect the security of your installation. The default timeout is 30 minutes.

30
user.sessionInactivityTimeout

This is based on RPC calls, but this ignores calls to setUserPreference() (which is used to "tickle" the session). So if this set to a number (in minutes), and there is no RPC activity, then the user will be prompted to keep the session active. If there is no response, the session will be expired 1 minute later. This defaults to 1 hour (60).

60
user.sessionNoTickle

By default, the UI "tickles" the session to keep it alive (every ten minutes); if "user.sessionInactivityTimeout" is set to zero, then the UI will have a session indefinitely. Conversely, if this is set to "true", then sessions will expire based on the value of "user.sessionInactivityTimeout", regardless of user activity.

false
user.sessionPersistence

This is used in conjunction with Hydra. Setting this to "true" will allow sessionKeys to be shared between Hydra nodes. Please note: be aware this does not transfer session attributes between nodes.

false