Is setting RequiresSession to True really required?

I usually create my service implementation classes via TRORemoteDataModule which makes it easier to configure it, via the form designer.
Out of habit, I always have a SessionManager service with RequiresSession set to false and providing the StartSession and EndSession methods.
I then have all my other services set RequiresSession to true which forces my clients to call SessionManager.StartSession before doing any actual work with the other services.

This is proving quite a discomfort because the sessions expire and some clients end up getting SessionNotFoundException exceptions which they are not capable of handling. I could modify the clients to ping on a regular basis, or make them cope with the exception, but I’d rather solve this server side.

As such, I looked at my services implementation and I have two situations:

  1. Nothing is stored into the session
  2. The service is used as the client event receiver ServiceName

In the first case, I can simply set RequiresSession to false and clear the value of the SessionManager property.
But in the second case, I believe that I still need the session for the events to work. However, setting RequiresSession to false does not seem to have any undesirable effect. I know the session is recreated by TRORemoteDataModule.DoOnActivate every time it is needed, but I’m wondering if I’m safe with leaving RequiresSession to false while still having assigned a proper value to SessionManager. What is your take on this?



You can perform login in the Channel.OnLoginNeeded event. it is designed for this case.

How things work:

  • Unprotected (like LoginService) services can be accessed w/o stored session. they should have RequiresSession = False.
  • Protected (like DataService) services that can be accessed only after login method, have RequiresSession = True

See more about Login at the Authentication and Login article

this is incorrect. Session will be created only after calling the CreateSession method or the Session property.

in this case session isn’t created automatically and it may have some side effects

I can recommend this scenario:

  • clients should use the Channel.OnLoginNeeded event.
    in this event you can call your LoginService.StartSession.
    your users won’t see the SessionNotFoundException exception anymore.

  • other services use RequiresSession = true.

Thanks, but basically, I’m not needing any form of authentication, the sessions was just there to store some custom data between calls.
After a rewrite, this use case is not even required anymore, and so I can completely get rid of RequiresSession on most services.
There is, however, one service that is used as the client event receiver ServiceName and I’m basically wondering if there is a need for a session in that scenario.
I believe that this is the case, which leaves me wondering: can I leave it to be recreated automatically by setting RequiresSession to false on that particular service?


try to use it.
if something goes wrongly you can always return to old solution.
I don’t know your project so it may work correctly with it.

FWIW, this is how I trigger the events:

GetNewEventSinkWriter(SomeParam).NotifySomeEvent(Session.SessionId, Param1, Param2, Param3);

I believe this recreates the session as needed

My unit tests are still all passing, I’ll monitor the situation.


you address to the Session property:


this code creates session

1 Like