Re: Limit CA/400 Sessions

["Bernard Burchell" <bburch@xxxxxxxxxxxxxxx>]

Dan,

The problem with QLMTDEVSSN is that it's only 1 session.  You can't enter an
actual number-of-sessions in there, the value is a Yes/No type question.

A better method would be to have an initial program which checked for object
locks.  E.g. suppose you wanted to limit the number of sessions to 2.  You
could create 2 data areas for each user like DAN1 and DAN2.  Then apply
object locks first against DAN1, and if that failed, try locking DAN2, and
if that failed, sign them off.

But I would avoid using data areas because you would have hundreds of them
and the user name could not be more than 9 characters.  A far better way is
to use member locks.  Again suppose you wanted to limit the sign-on to two
sessions.

First create 2 physical files (I am using source files here, but any
physical file type would work):
CRTSRCPF QGPL/SESSION1
CRTSRCPF QGPL/SESSION2

Your user's initial program could look something like this (Note: I haven't
tested the below code so it may need a few changes):


PGM

DCL &USER *CHAR 10

RTVJOBA USER(&USER)

/*  Add member to Session1 if not there  */
CHKOBJ OBJ(SESSION1) OBJTYPE(*FILE) MBR(&USER) AUT(*OBJEXIST)
MONMSG CPF9815 EXEC(ADDPFM SESSION1 &USER)

/*  Try to lock member in Session1  */
ALCOBJ OBJ((SESSION1 *FILE *EXCLRD &USER)) WAIT(0)
MONMSG CPF1002 EXEC(DO)

/* If lock failed, first session already in use, so try session 2  */

/*  Add member to Session2 if not there  */
CHKOBJ OBJ(SESSION2) OBJTYPE(*FILE) MBR(&USER) AUT(*OBJEXIST)
MONMSG CPF9815 EXEC(ADDPFM SESSION2 &USER)

/*  Try to lock member in Session2  */
ALCOBJ OBJ((SESSION2 *FILE *EXCLRD &USER)) WAIT(0)
MONMSG CPF1002 EXEC(DO)

/*  Both sessions are in use, so sign off  */
/*  First send a status message  */
SNDPGMMSG MSGID(CPF9897) MSGF(QCPFMSG) +
  MSGDTA('Limit of two sessions exceeded.') MSGTYPE(*STATUS)
DLYJOB 5
SIGNOFF

ENDDO
ENDDO

/* Now call the main menu  */
TFRCTL USERMENU

ENDPGM

A problem with the above program is that if a user does a Sys-Req-1 it will
try and re-lock the members.  So it will be rejected or prevent a second
session from being used.  This can be avoided by placing some text on the
member which is the device name, then checking that the text is different
before rejecting a session.  You can use commands CHGPFM to put text on a
member, and RTVMBRD to retrieve the current text.

--------------
Another approach is to use exit programs.  There are two registry entries to
consider QIBM_QTG_DEVINIT and QIBM_QTG_DEVTERM.  These entries are used when
a telnet session is started and ended.  Without going into specifics here,
you can write a program that checks whether an IP address has been used and
keep track of how many times a session has been opened against an IP
address.

There was a time when I would have considered that the exit point program
was the correct approach, especially as it allows you to also specify a
device name for the session.  However discussions on this list of late
indicate that it is possible for many machines to share the same IP address,
so this may not always be a suitable method.


Bernard Burchell
Precosis Pty Ltd
bburchell@precosis.com.au
http://www.precosis.com.au


----- Original Message -----
From: <dturk@upt.com>
To: <midrange-l@midrange.com>
Sent: Thursday, August 30, 2001 3:09 AM
Subject: Limit CA/400 Sessions



Hello List --

Is there a way to limit the number of interactive sessions a user (either
twinax or CA/400) can run on the same as/400? I am aware of the QLMTDEVSSN
system value to limit a user from signing on at more than 1 workstation, but
is there a way to set a limit, say 5?

Many thanks,

Dan Turkeltaub
Technology Manager
Keeney Manufacturing
dturk@upt.com