JASAPI function This function uses the following information from p_Context to decide if creating a session for a particular user will be attempted:
Additionally, the user's AllowedSessions field in the juser table is taken into account. If the user's AllowedSessions field is set to 1, then if an existing session will be removed and the user is granted a new session.
IF a user is allowed numerous sessions, then a new session will be created unless they have exceeded their allowed number of logins. If they do exceed there AllowedSessions, then they will not be granted anymore.
We'd like to add a user interface so this scenario can be resolved by the user themselves but this is on our todo list. Systems such as VICI do not generally allow users multiple logins, and for telemarketing scenarios where VICI is used, it is easier to tie VICI logins to JAS users by limiting their AllowedSessions to one.
Above you might have noticed the IP address bit that this function analyzes. Basically if a request comes in from an IP address other than that of the session's originator - then access to the system is denied.
If the function returns true you are good to go. If you like, for instance an error is returned, you can interrogate what happened by getting the result code from: p_Context.rSession.i4ResultCode
Upon successful session creation, a cookie with the SESSION ID (jdconnection.JDCon_JDConnection_UID) is stored on the client named JSID. Note that form variables override COOKIE. So, it's actually cleaner to not send JSID yourself in forms posts etc unless you have a good reason. If you do not follow this advice, have a web page up and your session times out, you can not login in another page and then refresh the page you were at because you essentially hardcoded the session id into the webpage.
Values are defined in uxxj_definitions.pp Example: cnSession_PasswordsDoNotMatch