Managing Sessions

The WebDocs security model you set up works statically, not dynamically. The first time a user logs in, WebDocs looks at the user's profile and groups to find all that user's permissions and creates a static session file for that user. The next time the user logs in, WebDocs looks for an existing static session file first and, if one exists, uses the information in that file. This technique enhances WebDocs' performance and speeds up the website.

However, if a user's permissions change, you need a way to delete the existing session so that the new permissions take effect. There are three options for managing this periodic purging:

Option	Pros	Cons	How to do it
Each time you change a user or group's permissions, delete that user or group's session manually.	Changes occur immediately.	Easy to forget. Best Practice: Also set up one of the more general maintenance options below so you don't miss any changes.	After you change a user or group's permissions: From the main menu, choose 10: Work with Users and Groups. Next to the user or group, type 6and pressEnter.
Use a job to regularly delete all sessions.	Deletes all sessions regularly. Customizable schedule. If you make frequent changes, schedule daily. For infrequent changes, schedule weekly.	Changes are not immediate. Clears all sessions. So any logged-in users are logged out and lose unsaved work. Best Practice: Schedule this option to run when users are not working. For example: Friday night.	Use the DOCRMVSESU command. To delete all sessions, set the USER parameter to *ALL. Schedule this command in a job for regular maintenance.
Run a monitor that regularly deletes all inactive sessions.	Deletes all inactive sessions regularly. Does not delete any sessions active in the time you set, so 24/7 jobs are left running.	Changes are not immediate.	Use the DOCSESPRG command to set the timing for the monitor. Note: This monitor calls the DOCPRGSES command.
Automatically delete a user's session every time they log out.	Deletes sessions regularly.	Changes are not immediate. Does not delete sessions if a user closes the window but does not log out.	Set the DOCENDSESB data area to *YES.