Session Management

After a token request is sent to the AIS Server with successful authentication, the AIS Server generates a token and maintains a session for the user session according to the time out and time-to-live settings in Server Manager (rest.ini). A corresponding user session is also maintained on the EnterpriseOne HTML Server. You can view the AIS sessions in Server Manager, which displays "AIS Server" in the Display Mode for active AIS sessions. The AIS token is the key to the user session and must be passed on to all subsequent calls that use that AIS session.

For stateless AIS requests, credentials are supplied (not AIS tokens). Requests are given a temporary session that is removed after a request completes.

The original security model for mobile applications still applies, even for non-mobile clients. The deviceName (or Device ID) is not required. If Device ID is not passed, the requesting IP address is used. Thus a token requested from one device or IP address cannot be used by another device or IP address. Validation is performed every time the token is used.