TsgcWebSocketHTTPServer › Events › OnInvalidSession
Fires when an HTTP request presents an unknown or expired session ID so the application can decide how to react.
property OnInvalidSession: TIdHTTPInvalidSessionEvent;
// TIdHTTPInvalidSessionEvent = procedure(AContext: TIdContext; ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo; var VContinueProcessing: Boolean; const AInvalidSessionID: String) of object—
OnInvalidSession is raised when an incoming HTTP request carries a session cookie whose identifier is not present in SessionList (the session expired or was never created on this server). AInvalidSessionID is the rejected identifier and VContinueProcessing lets the handler decide what happens next: leave it True to keep dispatching the request (useful to serve a redirect to a login page from OnCommandGet) or set it to False to stop the pipeline here; in that case the application should populate AResponseInfo before returning. The event only fires when SessionState is True.
procedure OnInvalidSession(AContext: TIdContext; ARequestInfo: TIdHTTPRequestInfo;
AResponseInfo: TIdHTTPResponseInfo; var VContinueProcessing: Boolean;
const AInvalidSessionID: String);
begin
AResponseInfo.Redirect('/login');
VContinueProcessing := False;
end;