#1 2015-05-21 08:54:35

cuc1432216061

Connect 9 Ticket vs Session

So, I'm kinda new at this but I couldn't find any documentation so I didn't know where to turn...

In using the API, if I want a user to access come content I log them in and then pass the session id in the url like this:

http://domain.com/content_url/?session=blahblahblah

When the user is done with the content I would log them out, the session id is invalidated and they can no longer access that content which is great.

However, I noticed a vendor that does something like this:

http://domain.com/content_url/?ticket=blahblahblah

So, I have no idea what a ticket is, where it comes from, or how to invalidate it. Can anyone guide me where I can find out more information about this? Is this a preferred way to have a user access content from connect?

Thank you!

UPDATE:

Ok, soooooooooo it appears that the ticket is generated by connect. The first url is the content/training and in there is an iframe that has another link to the course with a whole bunch of url parameters. One of those is the ticket param. If you attach that ticket param as a url argument you can access that content/training without having to log the user in to get a session parameter. It seems like you can do this indefinitely? I been able to access the url with the ticket attached for days and across multiple computers.

It turns out the vendor was exposing that url in iframe of the content. I guess that answers my question in so much that "ticket" appears to be some sort of private adobe thing. I guess it's just something we live with? If you grab that internal iframe link anyone can just access that content forever?

Last edited by paul_mignard (2015-05-21 09:45:24)