Creates a Metrici session. This permits a client to sign on to Metrici using a session token, rather than a user logon reference and password.
<password>password</password> <firstUseTimeoutPeriod/> <timeoutPeriod/> <clientSessionToken/> <clientIdentificationString/> <signOnURL/>
firstUseTimeoutPeriod is the number of seconds before which the session must be used for the first time. A value of 0, the default, means to use the sessionTimeoutPeriod. If the session is being used to populate an iframe, then set this to the maximum length of time expected for the population to work, e.g. 60 seconds.
sessionTimeoutPeriod is the number of seconds after use for which the session should stay active. It defaults to 1800. A value of 0 means no timeout.
clientSessionToken is a string which is passed by the caller which must be identical on all subsequent calls. This is optional, and it can instead be set on first use.
clientIdentificationString is a string which carries information about the client that is to use the session. It is optional, and is not checked, but is returned by the GetUser service. This is used when one system signs on on behalf of another client (e.g. a browser), and can then be used by Advisor to check that it is used by the intended client. (It is not checked by the services because it might not be an exact match, e.g. server may identify browser by an IP4 address, and Advisor by an IP6 address.)
signOnURL is a URL that is accessible to Xerula and returned with an error 101 when services are passed a sessionToken but authorisation fails. This is useful when the user should be redirected to another website for sign on.
The CreateSessionService is often used with the userLogonReferenceEffective option to allow one user to create a session token on behalf of another user.
sessionToken is a string which can then be used in place of the userLogonReference and password to sign the user on.
101 - Not authorised
103 - Parameter error.