Adobe Connect User Community

#1 2009-04-30 11:12:49

**_johnsmith_**

validity of a cookie

Hi,

I'm using the Web API in order to authenticate users on a separate server (this server knows all Connect login/passwords). Once users are authenticated I redirect them to the Connect server with the appropriate cookie session:
https://www.myconnectserver.com/mymeeti … 54fdfdsfsd

My question is:
How can I be sure that this session cookie couldn't be used again in the future? (for example by someone who intercepted it or even by the same person a few days later)

How long are these cookies valid for the Connect server?
Is there a way to invalidate them? (after calling the api with action=logout, the given url above still connects me).

To bypass this issue, is there a way with the API to invalidate an account? (I guess in this case https://www.myconnectserver.com/mymeeti … 54fdfdsfsd will ask for credentials).


Thanks a lot for any information or idea.
I spent a lot of time looking for this kind of info in the documentation and in the connectusers forum but I couldn't find the answer to these points.

John

#2 2009-05-01 08:18:00

**_arouwa_**

Re: validity of a cookie

Hi,

I'm sorry, I don't have an answer for your problem, but I have a question for you.

I want to know how you save the cookie, because I send a request with a login and password and get a response with status=ok, and I send a request to get my BREEZESESSION, and after that I don't know how to save my cookie.

I'm using VB.NET.


Thanks a lot

Arouwa

#3 2009-05-04 07:42:39

**_johnsmith_**

Re: validity of a cookie

Hi Arouwa,

In fact, once I have the BREEZESESSION cookie, I just mention this cookie in the URL of the redirect.

Afterwards, the cookie of the user redirected is automatically managed by the user's browser (this cookie is then put in the http header automatically).

This cookie is supposed to expire when the user disconnects, but that is not what I notice: I can still use the link with the BREEZESESSION in the URL.
It seems like a security issue to me, and I don't know what to try to invalidate the use of this BREEZESESSION.

Hope my answer helps you

John

#4 2011-02-07 19:14:35

**_Akolade_**

Re: validity of a cookie

I have the same problem. Calling Logout seems to do nothing as far as invalidating the cookie stored by the browser. Causing big issues for me.

#5 2011-02-08 18:35:18

**_jcooper9099_**

Re: validity of a cookie

They were good for quite some time in Connect 7.5; my tests showed 18 hours. In Connect 8 you can set the timeout; by default it is 30 minutes, I believe.
