Automatic Session Tracking

The BASIC Web Utility 1.1 automatically manages session information using a single HTTP cookie called $sesid. The format of the session information is defined by creating a global string (STBL) named $sestpl that contains the string template definition for the session. This string must be defined before the application CALLs utcgi.wbb and triggers the internal session management.

call "utcgi.wbb",env$,cgi$,errmsg$

In the above example, the session tracks name, custid, and items array fields. Any input from a form or URL that appears in cgi$ is automatically updated in the session values.

To retrieve the session record, do one of the following:

dim session$:stbl("$sestpl")


call "utses.wbb",0,session$,errmsg$

Use the utses.wbb program to store any manipulated session data as follows:

call "utses.wbb",1,session$,errmsg$

Session expiration and deletion is handled automatically based on a 24 hour session lifespan; however, this can be controlled with the global string $sesage, which stores a numeric value of hours. This does two things:

  • Records stored on the server are automatically purged when the numeric value is reached. This purge takes place each time utcgi.wbb is called with session management triggered. If the value of $sesage is 0 or less, it defaults to 24.

  • The cookie used for the session, which is stored on the client (browser) machine, is given an expiration time in hours. If it is set to 0 or less, the browser has no expiration time and expires by default when the user exits the browser.

A session can be manually deleted from the server using the utses.wbb program:

call "utses.wbb",2,"",errmsg$

For session tracking to work, the user account CGI tasks run under must have write rights to the "utses.dat" file. In addition, if the file is not present the first time session tracking is used, the BASIC Web Utility creates the file in the BASIC Web Utility directory, and, therefore, must have permission to create the file.