Starting with V10.0, Cora SeQuence has been renamed to Cora Orchestration.
V9.3 and later
Overview
Cora SeQuence uses server-side memory cache and database persistence to store user's session data between requests.
Client-side cookies are used to store session state between requests. Therefore, browser cookies must be enabled and unblocked when running Cora SeQuence site applications.
You can control session cache configuration, database persistence, and browser cookie behavior in the web.config file.
Session properties
Configuration is optional for most properties.
The application and enabled properties are explicitly tagged in the root position in the web.configfile.
<sequence.engine>
<web>
<session application="Flowtime" enabled="true" />
</web>
</sequence.engine>You can also configure the session properties for some specific location by setting these properties under the <location path="location name"> tag in the web.config file.
| Property | Description |
|---|---|
| enabled | Specifies if the Cora SeQuence session is used or not.
|
| lifetime | Specifies the time period, in minutes, after which the session authentication cookie expires. Default value: 20 NOTE Starting with V10.2, a session expiration warning message is displayed n minutes before the session authentication cookie expires. You can configure the To set a value other than default, make sure to configure this property in the root position of the <web> location in the web.config file.Portal.Session.SessionWarningCountdownTime application variable to determine when to display the session expiration warning.For details about the application variable, see this article. |
| sessionCookiePath | Standard browser cookie property. Restricts the cookie to a specific path. Default value: / |
| maxLifetime | Specifies the time period, in minutes, for maximum cookie expiration.maxLifeTime is not a sliding expiration property. For security purposes, login is required after the maxLifeTime period expires, even if the user has been actively using the application during the specified time period.Default value: 1440 |
| sessionCookieSecure | Standard browser cookie property. If set to “true”, the cookie is sent with the client’s request only over a secure connection (SSL). Default value: false NOTE After initial installation, if you have configured the Cora SeQuence web application to work with HTTPS, you need to change the configuration to send the session cookie using secure connection only. |
| sessionCookieName | Contains the prefix of the unique cookie name as it appears in the browser. The actual cookie name includes the prefix followed by the Application property. For example, SQSessionAdministration. Default value: SQSession |
| application | Identifies the application name. This property accepts any value when manually configured. Default values: Administration or Flowtime. |
| sessionCookieDomain | Standard browser cookie property. Specifies the cookie domain. Default value: "" |
| cacheMaxSize | Specifies the maximum number of sessions stored in the cache. Default value: 0 (unlimited) |
| cacheItemFade | Time period, in minutes, during which the system keeps the data related to a specific session after the session has finished. Default value: 10 |
| reuseSession | Enables the session token to be reused across browsers or devices for the same user in the same application.
Default value: true |
V8.7-V9.2
Overview
Starting with Cora SeQuence V8.7, user data is stored using a session authentication module that can be controlled by a new Session element in the web.config file.
Using ASP.NET Session State object for user authentication persistence, referred to as AuthenticatedUser, is no longer supported.
The ASP.NET session state is disabled by default in Flowtime installations, but it is still available in Administration installations to support backward compatibility.
Cora SeQuence session configuration
Cora SeQuence uses a cookie to store users’ state between requests. You can configure the web.config file to control the usage and attributes of the cookie.
Just like with earlier versions of Cora SeQuence, cookies must be enabled on the client browser to ensure that the Administration and Flowtime sites function properly.
Cora SeQuence generates a unique session cookie name for each site, Administration and Flowtime.
Properties
The following table describes the attributes that you can configure for Cora SeQuence session.
Configuration is optional.
| Property | Description |
|---|---|
| enabled | Specifies if the Cora SeQuence session is used or not. This property is defined in two locations in the web.config file:
|
| lifetime | Specifies the time period, in minutes, after which the session authentication cookie expires. Same behavior as in ASP .NET session cookie. Default value: "20" |
| sessionCookiePath | Standard browser cookie property. Restricts the cookie to a specific path. Default value: ”/” |
| maxLifetime | Specifies the time period, in minutes, for maximum cookie expiration.maxLifeTime is not a sliding expiration property. For security purposes, login is required after the maxLifeTime period expires, even if the user has been actively using the application during the specified time period.Default value: "1440" |
| sessionCookieSecure | Standard browser cookie property. If set to “true”, specifies that the cookie is sent with the client’s request only over a secure connection (SSL). Default value: "false" Note: After initial installation, if you have configured the Cora SeQuence web application to work with HTTPS, you need to change the configuration to send the session cookie using secure connection only. |
| sessionCookieName | Standard browser cookie property. Contains the prefix of the unique cookie name as it appears in the browser. The unique name is generated dynamically in runtime for each application, and cannot be controlled in the web.config file. The actual cookie name includes the prefix followed by a unique ID. For example, SQSession_123456.Default value: "SQSession" |
| sessionCookieDomain | Standard browser cookie property. Specifies the cookie domain. Default value: "" |
IMPORTANT
- If you used the ASP.NET
session state to store and retrieve any data in your Flowtime custom implementation, when you upgrade to V8.7, you need to enable the ASP.NET session state in the
web.configfile. - In future versions of Cora SeQuence, the ASP.NET session state will be disabled by default in Administration installations too.
