Remote sessions

I am trying to make sense of the sessionIsRemote bit in SessionAttributeBits. In our tests this bit is false for local sessions, as expected, but also for remote sessions initiated via VNC.

Note that we do not just share the screen of an already running session that was started locally. Instead, we start a new session for another user and therefore expect to fulfill the documented condition:

A bit that indicates the session was initiated over the network.

What's the supported way to find out if a session is remote or local or even a mixture of both, given the fact that macOS allows sharing a local session remotely?

Another thing seems off in this context: When we query kCGSessionOnConsoleKey from the dictionary obtained via CGSessionCopyCurrentDictionary(), the value is true for the local session but false for the remote session. While this seems fair at first glance, I find it slightly confusing that who still reports a console session for both, local and remote users. How can we make sense of these results? Or is this a case of sharing a name but meaning different things?
Up vote post of vlbenfed Down vote post of vlbenfed
488 views
Posted by
vlbenfed
Reply
Add a Comment

Replies

In our tests this bit is false for local sessions, as expected, but also for remote sessions initiated via VNC.

That doesn’t surprise me. My take on sessionIsRemote is that it was intended to identify SSH sessions (although I haven’t tested that assumption lately and, in my experience, SessionGetInfo has suffered a lot of bit rot over the years).

What's the supported way to find out if a session is remote or local … ?

I think you’ve found the answer to this already, namely kCGSessionOnConsoleKey.

or even a mixture of both, given the fact that macOS allows sharing a local session remotely

Although this I’ve got no suggestions for.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment
Thanks, Quinn

I think you’ve found the answer to this already, namely kCGSessionOnConsoleKey.

Unfortunately, that is not the case. kCGSessionOnConsoleKey will also be false for local sessions that are logged in but are not in the foreground, i.e. the user actively locked their screen or a session was moved "into background" via fast user switching. For these sessions, sessionHasGraphicAccess is also always true, so no luck to use the bit as a differentiator. I currently see no way to distinguish remote "foreground" sessions from local "background" sessions with the SecuritySession APIs.

Since you don't seem to be aware of any API we could use as a replacement, is there maybe some additional hint available if a session is in the foreground or in the background?

Edit: After thinking about this some more, there could also be remote background sessions, of course.

Posted by
vlbenfed
Up vote reply of vlbenfed Down vote reply of vlbenfed
Add a Comment

Since you don't seem to be aware of any API we could use as a replacement, is there maybe some additional hint available if a session is in the foreground or in the background?

Honestly, I haven’t looked into this in many years, so I don’t have any other suggestions. I’m going to recommend that you open a DTS tech support incident so that I can allocate time to dig into the details. Although there’s no guarantee that there even is a good solution here; this is a very dusty corner of macOS.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

this is a very dusty corner of macOS

😂

I think we're going for the DTS ticket... 🤞
Posted by
vlbenfed
Up vote reply of vlbenfed Down vote reply of vlbenfed
Add a Comment