User sessions
When a user connects to a Qodly application, a user session is automatically opened on the Qodly server to manage their access with regards to their privileges. A session cookie is generated.
When the user connects to Qodly applications through an authenticated access, the user session gets automatically their defined privileges according to the Profile associated to the user in the console.
A Qodly user session never expires, however the parent Amazon Cognito session expires after one week of inactivity.
When the user connects to the application through the Public access (the public URL access must be activated explicitely in the Console), the Qodly developer must authenticate the user and grant them a privilege or role using the Session class API. For example, you can get the list of privileges associated to the session using the getPrivileges() function, or store user information in the session's storage property.
The user only has Guest privilege by default (Session.isGuest returns true).
See this tutorial for an example of custom user authentication for public access.