Handling the Applicative State in MobileFirst Platform Foundation v7.1

In previous versions of MobileFirst Platform Foundation, the logged-in state of clients was wholly dependent on an HTTP session. After logging in, the end user remained logged in only as long as the HTTP session was alive. If either the application restarted, or the HTTP session ended, the end-user was automatically logged out.

Starting with MobileFirst Platform Foundation 7.1, you can configure your applications to work in session-independent mode. The session-independent mode decouples the link between login and HTTP sessions, allowing communication between the application and the MobileFirst Server to no longer require to be session-dependent. This feature enables you to take down a server, without breaking user sessions.

When writing server components, such as MobileFirst adapters, the applicative state was previously saved on the HTTP session either directly by using a session object or by using JavaScript global variables. You can no longer use HTTP sessions or global variables to persist data across requests. Instead, applications should use any third party persistency layer (e.g. database) to store applicative state. To help you with it, MobileFirst 7.1 also exposes a new API method getClientId that returns a unique identifier associated with the client. You can use it as a database key.

Consider the following examples:

• Shopping Cart application in which the user can add, retrieve or remove items from a cart and save the decisions. The application can be implemented with an adapter that is using a third-party database to save the applicative state of the cart.
• An application that requires a registration process - think of an app with a registration process that includes a couple of steps in which the user needs to fill in details. You want to allow the user to stop at any step and continue later by temporarily save the application state. For example: any application with a payment system.
• Remember Me application - when a user is trying to access a protected resource, a login screen appears with a check box labeled "Remember Me". By selecting the check box, the user is trusted for a pre-defined period of time instead of having to log in every session.
  You can find a sample application in the Remember Me tutorial.
• Two-Step authentication application - an application where the user is required to answer two security questions. After the initial authentication that uses, for example, a username and a password, an additional authentication step is required, such as a login pin, a secret word, or similar identification.
  You can find a sample application in the Two-Step adapter authentication tutorial. In this example, a secret word is implemented for the second authentication step.

To learn more about "Session-independent mode" review its topic in the user documentation