Thanks Jeff.
Sorry it's been some time since I looked at this, but I'm just looking into integration with OpenAM as an SSO solution and authentication is on my radar again.
I'm not sure that your response "it's always been like that" is a sufficient answer.
If tickets never expire then how do they get cleaned up in the database? Or have I finally found the reason why our Alfresco prod database is now 17Gig in size?
I would expect this behavior from something like OAuth tokens, but in this case I would save these for later and only attempt to generate new ones if I get an authentication error using an existing one.
For Alfresco tokens, the context is more closely related to, say, SSO tokens and often have life cycles similar to or controlled by sessions; in fact that's the basis of our current use of Alfresco tokens - whether this is correct or not is open to debate.
So, given that they don't expire… what would be your suggestion for a usage pattern? i.e. how can I ensure I do not continually create new tokens?
Regards
Steve