LOGIN-STATE attribute
- Last Updated: February 11, 2026
- 1 minute read
- OpenEdge
- Version 13.0
- Documentation
Returns a character value that represents the current state of the client-principal object.
Data type: CHARACTER
Access: Read-only
Applies to: Client-principal object handle
The following table lists the valid values and how they can be set.
| This value... | Is set... |
|---|---|
"INITIAL"
|
(Default value) From the creation of an unsealed client-principal object using the CREATE CLIENT-PRINCIPAL until the object is sealed, and after calling the INITIALIZE( ) on a sealed or unsealed client-principal object in any state. |
"LOGIN"
|
After the user identity represented by an unsealed client-principal object is successfully authenticated and the object is sealed using the SEAL( ) method, SECURITY-POLICY:SET-CLIENT( ) method, the SET-DB-CLIENT function, or via an OpenEdge STS. |
"SSO"
|
After a client principal is sealed by a non-OpenEdge user authentication process. |
"LOGOUT"
|
After executing the LOGOUT( ) method on a sealed client-principal object in the LOGIN state or SSO state. |
"EXPIRED"
|
After executing the SEAL( ) method, SET-CLIENT( ) method, SET-DB-CLIENT function, or IMPORT-PRINCIPAL( ) method, VALIDATE-SEAL( ) method, or some external, non-OpenEdge seal procedure and the date and time set for the LOGIN-EXPIRATION-TIMESTAMP attribute has expired. |
"FAILED"
|
After executing the AUTHENTICATION-FAILED( ) method on an unsealed client-principal object or after a user authentication operation fails on an unsealed client-principal object when calling the SET-CLIENT( ) method or SET-DB-CLIENT function. |
"NO-LOGIN"
|
The login operation could not be completed. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS. |
"NO-ACCESS"
|
The user is denied access. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS. |
"REVOKED"
|
The user account's access has been revoked. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS. |
"DISABLED"
|
The user account is disabled. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS. |
"LOCKED"
|
The user account is locked. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS. |
The following figure illustrates the supported transitions between the states described in the table above.
When the AVM sets this attribute, it also sets the STATE-DETAIL attribute with a description of the current state. If this setting occurs as a result of invoking the AUTHENTICATION-FAILED( ) method, the AVM uses any string value you pass to this method to set the STATE-DETAIL attribute.
Attempting to write to this attribute returns a warning message.
See also
AUTHENTICATION-FAILED( ) method, CREATE CLIENT-PRINCIPAL statement, IMPORT-PRINCIPAL( ) method, INITIALIZE( ) method, LOGIN-EXPIRATION-TIMESTAMP attribute, LOGOUT( ) method, SEAL( ) method, SET-CLIENT( ) method, SET-DB-CLIENT function, STATE-DETAIL attribute, VALIDATE-SEAL( ) method