
authentication key questions


Hi,

It looks like the key when passed over to the swf is for the room you are being assigned to.

Now if someone leaves that room and goes to another would they need a new key?

My understanding is that keys expire when the room session ends.

Since I'm going to have a lot of users and I don't know if the room will ever be empty.

Do I need to hold on to a key for each room (in something like a shared object?) and check if the key is still valid when the user tries to enter a room?

If it isn't then ping for a new key?

thanks.

...russ

1 Reply


Employee

Yes, external authentication tokens are associated with the room (they carry the user role in a particular room / account) so you do need to generate different tokens for different rooms (but you can use the same user id for all rooms, since it does refer to the same user moving between rooms).

The proper way to manage the session objects would be to cache the session object and use the server-to-server notification mechanism to get the event that a room has terminated (and invalidate the session object there). This way you minimize the access to our server.

If you are not using the notification services, you can cache the session for a reasonable amount of time that you think a room may be open (10 minutes, or whatever you think is appropriate) and then request a new session. If the room didn't end we'll send the same "secret" again. If the room ended (and restarted or has not restarted yet) we'll generate a new "secret".

Right now there isn't an easy way to check server-side if the session is still valid (short of calling getSession at every request) but I'll try to address this problem in a future release.
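The caching strategy described in the reply above, sketched as an added example (not code from the reply or from Adobe): one cached session per room, dropped either by a room-ended notification or after a time limit. `fetch_session` is a hypothetical wrapper around the `getSession` call, `on_room_ended` is a hypothetical handler for the server-to-server notification, and `FakeServer` is a constructed stand-in for the service.

```python
import time
from typing import Callable, Dict, Tuple


class RoomSessionCache:
    """Caches one session object per room so the service is not called on every request."""

    def __init__(self, fetch_session: Callable[[str], object],
                 ttl_seconds: float = 600.0,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch_session   # assumption: wraps the service's getSession call
        self._ttl = ttl_seconds       # 10 minutes, the figure suggested in the reply
        self._clock = clock           # injectable so expiry can be exercised in tests
        self._entries: Dict[str, Tuple[object, float]] = {}

    def get(self, room: str) -> object:
        """Return the cached session for this room, refetching once the TTL has passed."""
        now = self._clock()
        entry = self._entries.get(room)
        if entry is not None and now - entry[1] < self._ttl:
            return entry[0]
        # Cache miss or stale entry: ask the service again. If the room is still
        # running it returns the same secret, otherwise a new one.
        session = self._fetch(room)
        self._entries[room] = (session, now)
        return session

    def on_room_ended(self, room: str) -> None:
        """Hypothetical notification handler: never sign tokens with an ended room's session."""
        self._entries.pop(room, None)


class FakeServer:
    """Constructed stand-in: hands out the same secret for a room until that room ends."""

    def __init__(self) -> None:
        self.calls = 0
        self._generation: Dict[str, int] = {}

    def get_session(self, room: str) -> str:
        self.calls += 1
        return f"{room}-secret-{self._generation.get(room, 0)}"

    def end_room(self, room: str) -> None:
        self._generation[room] = self._generation.get(room, 0) + 1
```

Because the cache is keyed by room, a user moving between rooms gets a token built from the destination room's session while keeping the same user id.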