Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

How often does the authentication token changes?

Avatar

Avatar
Validate 1
Level 1
scharles415
Level 1

Likes

0 likes

Total Posts

33 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 1
scharles415
Level 1

Likes

0 likes

Total Posts

33 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile
scharles415
Level 1

14-03-2011

We are using the php library to create authentication token.  We have 20 different rooms but we use one developer/LCCS account. For weeks every time we get the authentication toke from php code, it is the same. Recently it changed. I could not find any documentation on this. Shouldn't I get a different authentication token every time I call the getAuthenticationToken() method? Why do I keep on getting same token for the same room?

  $am = new RTCAccount($accountURL);

      $am->login($devuser, $devpass);

      $session = $am->getSession($room);

      $role = 100;

    $token = $session->getAuthenticationToken($secret, $user, $user, $role);

I am thinking that I need to disconnect the session or something but I can not find any documentation on this.

Accepted Solutions (0)

Answers (5)

Answers (5)

Avatar

Avatar
Boost 5
Level 2
nzezelj
Level 2

Likes

14 likes

Total Posts

82 posts

Correct Reply

6 solutions
Top badges earned
Boost 5
Boost 3
Boost 10
Boost 1
Applaud 5
View profile

Avatar
Boost 5
Level 2
nzezelj
Level 2

Likes

14 likes

Total Posts

82 posts

Correct Reply

6 solutions
Top badges earned
Boost 5
Boost 3
Boost 10
Boost 1
Applaud 5
View profile
nzezelj
Level 2

14-03-2011

A bit of documentation on the subject can be found at http://learn.adobe.com/wiki/display/lccs/6.4+Authentication+setup

Yes, your authentication token will always be the same for a particular secret/user/userID/role combo with the same session and the same room.  In order to get a different token for such a combo you would need to get a new session.  But this is intended behaviour.  Do you have a particular worry about token not changing with every getAuthenticationToken() call?

Thanks,

Nikola

Avatar

Avatar
Validate 1
Level 1
scharles415
Level 1

Likes

0 likes

Total Posts

33 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 1
scharles415
Level 1

Likes

0 likes

Total Posts

33 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile
scharles415
Level 1

14-03-2011

Thanks Raff. This is what I was looking for. I saw invalidatesession in the lccs.php but here were no comments etc so I wanted to be sure that it is really a "disconnect or logout" in my world. Now I can give a disconnect option to my customers whenever they think the authID may have been comprised or they want to be absolutely sure that no one else can use their room.

Avatar

Avatar
Boost 50
Employee
Raff_
Employee

Likes

80 likes

Total Posts

758 posts

Correct Reply

75 solutions
Top badges earned
Boost 50
Boost 5
Boost 3
Boost 25
Boost 10
View profile

Avatar
Boost 50
Employee
Raff_
Employee

Likes

80 likes

Total Posts

758 posts

Correct Reply

75 solutions
Top badges earned
Boost 50
Boost 5
Boost 3
Boost 25
Boost 10
View profile
Raff_
Employee

14-03-2011

Again, as I said in my previous post, when you decide that your session has expired call AccountManager.invalidateSession.

Also, while logging in users in a specific session you can safely cache the session object and save a call to the server (calling getAuthenticationToken for different users in the same session doesn't call back to our service)

Avatar

Avatar
Boost 50
Employee
Raff_
Employee

Likes

80 likes

Total Posts

758 posts

Correct Reply

75 solutions
Top badges earned
Boost 50
Boost 5
Boost 3
Boost 25
Boost 10
View profile

Avatar
Boost 50
Employee
Raff_
Employee

Likes

80 likes

Total Posts

758 posts

Correct Reply

75 solutions
Top badges earned
Boost 50
Boost 5
Boost 3
Boost 25
Boost 10
View profile
Raff_
Employee

14-03-2011

Two things:

- When you call AccountManager.getSession($room) you get a "session token" for the current room session. If the room is running and never shutdown multiple call to AccountManager.getSession($room) will return the same session token, unless you want to "invalidate" a session while a room is running, in which case you would call AccountManager.invalidateSession($session)

- For a given session calling getAuthenticationToken for the same user, with the same role will always return the same authentication token (a token it's just a list of properties for a user in a room, "signed" with the session secret)

So, again, if your room never ends the session token never changes. This is the correct behaviour if you always have people in the room.

If you know that the room is empty and/or you want "clean up the room" and start a new session just call AccountManager.invalidateSession when your room session logically ends.

Avatar

Avatar
Validate 1
Level 1
scharles415
Level 1

Likes

0 likes

Total Posts

33 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 1
scharles415
Level 1

Likes

0 likes

Total Posts

33 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile
scharles415
Level 1

14-03-2011

Nicola,

The code I mentioned in my post, gets called for every page refresh, on other words for every login to the room. Obviously it is not creating a new sesssion, hence so new authtoken. I read the link you sent. It does not say how to create a new session. I only know the getsession() call from lccs.php from your sample examples. How does the session expire? when? I obviously closed my brower, accesses the application from many different PCs and rebooted the system many times still the session is active! It a mistery to me since I have been getting same token for months. If someone gets the token, they are the owner of the room! I need a way to be able to close the session whenever I want. Where is the sample code or api docs for lccs.php closinng the session and creating a new session?