Session tokens

A session token is an 8-byte binary value that uniquely identifies a client HTTP connection that is in use between CICS® as an HTTP client, and an HTTP server. The use of a session token for each active connection means that CICS web support can distinguish between the connections that are being used by different application programs, and also means that an application program can control more than one connection.

A connection begins in response to a WEB OPEN command issued by a user application program. The session token is returned on successful completion of the WEB OPEN command, and is used on all the EXEC CICS WEB commands issued by the application program concerning that connection.

By using the connection, the user application program can make HTTP client requests to the server, and receive responses from it. The connection can persist for more than one exchange of a request and a response. See How CICS web support handles persistent connections for more details about how CICS web support handles persistent connections and how they are terminated.

If the server terminates the connection, the application program cannot send any further requests using that connection, but it can read the response that the server sent before it terminated the connection. The session token remains valid for use on commands to access that data, until the application issues the WEB CLOSE command.

After the WEB CLOSE command is issued, the session token that applies to the connection is no longer valid. If the application program does not issue a WEB CLOSE command, the session token becomes invalid at the end of the task. If you have implemented connection pooling for client HTTP connections, CICS might pool the connection in a dormant state for reuse by another application or another instance of the same application. The session token does not persist after a connection is pooled, so an application that reuses the client connection is given a new session token for its use of the connection.

The maximum number of open HTTP client connections, in use with session tokens, that can be present simultaneously in a CICS region is 32,768.