- Topics: Active | Unanswered
Pages: 1
#1 2015-05-21 08:54:35
- cuc1432216061
Connect 9 Ticket vs Session
So, I'm kinda new at this but I couldn't find any documentation so I didn't know where to turn...
In using the API, if I want a user to access come content I log them in and then pass the session id in the url like this:
http://domain.com/content_url/?session=blahblahblah
When the user is done with the content I would log them out, the session id is invalidated and they can no longer access that content which is great.
However, I noticed a vendor that does something like this:
http://domain.com/content_url/?ticket=blahblahblah
So, I have no idea what a ticket is, where it comes from, or how to invalidate it. Can anyone guide me where I can find out more information about this? Is this a preferred way to have a user access content from connect?
Thank you!
UPDATE:
Ok, soooooooooo it appears that the ticket is generated by connect. The first url is the content/training and in there is an iframe that has another link to the course with a whole bunch of url parameters. One of those is the ticket param. If you attach that ticket param as a url argument you can access that content/training without having to log the user in to get a session parameter. It seems like you can do this indefinitely? I been able to access the url with the ticket attached for days and across multiple computers.
It turns out the vendor was exposing that url in iframe of the content. I guess that answers my question in so much that "ticket" appears to be some sort of private adobe thing. I guess it's just something we live with? If you grab that internal iframe link anyone can just access that content forever?
Last edited by paul_mignard (2015-05-21 09:45:24)
Offline
Pages: 1