We are using the php library to create authentication token. We have 20 different rooms but we use one developer/LCCS account. For weeks every time we get the authentication toke from php code, it is the same. Recently it changed. I could not find any documentation on this. Shouldn't I get a different authentication token every time I call the getAuthenticationToken() method? Why do I keep on getting same token for the same room?
Yes, your authentication token will always be the same for a particular secret/user/userID/role combo with the same session and the same room. In order to get a different token for such a combo you would need to get a new session. But this is intended behaviour. Do you have a particular worry about token not changing with every getAuthenticationToken() call?
Thanks Raff. This is what I was looking for. I saw invalidatesession in the lccs.php but here were no comments etc so I wanted to be sure that it is really a "disconnect or logout" in my world. Now I can give a disconnect option to my customers whenever they think the authID may have been comprised or they want to be absolutely sure that no one else can use their room.
Again, as I said in my previous post, when you decide that your session has expired call AccountManager.invalidateSession.
Also, while logging in users in a specific session you can safely cache the session object and save a call to the server (calling getAuthenticationToken for different users in the same session doesn't call back to our service)
- When you call AccountManager.getSession($room) you get a "session token" for the current room session. If the room is running and never shutdown multiple call to AccountManager.getSession($room) will return the same session token, unless you want to "invalidate" a session while a room is running, in which case you would call AccountManager.invalidateSession($session)
- For a given session calling getAuthenticationToken for the same user, with the same role will always return the same authentication token (a token it's just a list of properties for a user in a room, "signed" with the session secret)
So, again, if your room never ends the session token never changes. This is the correct behaviour if you always have people in the room.
If you know that the room is empty and/or you want "clean up the room" and start a new session just call AccountManager.invalidateSession when your room session logically ends.
The code I mentioned in my post, gets called for every page refresh, on other words for every login to the room. Obviously it is not creating a new sesssion, hence so new authtoken. I read the link you sent. It does not say how to create a new session. I only know the getsession() call from lccs.php from your sample examples. How does the session expire? when? I obviously closed my brower, accesses the application from many different PCs and rebooted the system many times still the session is active! It a mistery to me since I have been getting same token for months. If someone gets the token, they are the owner of the room! I need a way to be able to close the session whenever I want. Where is the sample code or api docs for lccs.php closinng the session and creating a new session?