Support Article
Unable to read the HTTP session from the authentication activity
SA-7726
Summary
We are unable to read the HTTP session object (HttpSession) from the authentication activity. How is this achieved?
Error Messages
None
Steps to Reproduce
Write an authentication activity
Resolution
This is not possible. The documentation on Single Sign-on (https://pdn.pega.com/sites/default/files/help_v71/procomhelpmain.htm#definitions/s/singlesignon.htm) states:
Your authentication activities for HTTP communication can use the pxRequestor.pxHTTPServletRequest property (of mode Java Object). This is a facade object that provides most of the information received about the incoming HTTP request. A few operations are not allowed:
- Accessing the file system using getRealPath()
- Read/write access to session or request attributes
- Access to the HttpServlet
- Examination of current session Roles
- Creation of a RequestDispatcher
Despite these limitations, an activity can access the object to obtain cookie and header information.
As the second bullet point states, read/write access to session attributes, and therefore to the HttpSession object, is strictly not allowed by design. This is required for J2EE compliance.
Published January 31, 2016 - Updated October 8, 2020