Sessions

Establishing a New Session

To establish a new session, call InitSession and follow the instructions in the Authentication section to log in.

Copy

http://192.168.1.2/PRT_CTRL_DIN_ISAPI.dll?Command&Type=Session&SubType=InitSession

The server will generate a Session ID and return it as a Set-Cookie HTTP header.

Making Requests

The cookie containing the Session ID must be attached to most requests. This will happen automatically in browsers and most web request libraries. If multiple session cookies are attached, only the first will be checked and all others will be ignored.

The following requests do not require a Session ID:

Command&Type=Session&SubType=InitSession
Command&Type=Session&SubType=PasswordPolicy
Command&Type=Session&SubType=SaveOperator (only applicable when controller is defaulted)
Command&Type=Session&SubType=ServerTime
Command&Type=Session&SubType=SiteName

For best performance, it is recommended to reuse existing sessions for multiple requests.

Session Timeout

Sessions can time out after a certain period of inactivity, as determined by the Enable Operator Timeout and Operator Timeout settings. When the session times out, any requests sent to the controller will fail and the session cookie will be expired.

If you need to maintain an inactive session, you can send a heartbeat:

Copy

http://192.168.1.2/PRT_CTRL_DIN_ISAPI.dll?Command&Type=Session&SubType=Heartbeat

Closing the Session

Once a session is no longer needed, it should be closed gracefully on the server side by calling CloseSession.

Copy

http://192.168.1.2/PRT_CTRL_DIN_ISAPI.dll?Command&Type=Session&SubType=CloseSession

Failing to close sessions will incur a performance penalty. The oldest session will be force expired when the total number of open sessions reaches around 80.