Log in

[King H Lam]

Code: Select all

Archived Post

Once an OpenTok session is created with code such as

        $apiObj = new OpenTokSDK(API_Config::API_KEY

API_Config::API_SECRET);

        $session = $apiObj->create_session($_SERVER["REMOTE_ADDR"]);

        echo $session->getSessionId();

        echo "<br/>";

        echo $apiObj->generate_token();

How long will the session ID be available before it expires?

I am creating an application that allows people to create a private

room is it safe to use the sessionID as the unique room ID? Or create

a new session ID when someone enters the room?

[Jose Torres]

Code: Select all

Archived Post

According to the the OT dev's the session ID's do not expire.

[Thomas Osowski]

Code: Select all

Archived Post

Jose is correct; sessions do not expire.

I'd recommend having the code generate its own unique identifier for

room IDs to avoid broadcasting sessionIDs.  As tokens are used to

control access to the session (more below) it shouldn't be a problem

but I'd still avoid making session IDs public.

Generating tokens can be viewed as granting a browser permission to

connect to the session.  So to keep access to the session private you

can use the Token generation to grant permissions based on users

(remember tokens can be global for all sessions you create or only

granted a specific session). This should provide adequate control.

Thomas

tho...@tokbox.com

On Mar 9 7:26 am Jose Torres <jmtorre...@gmail.com> wrote:

- Hide quoted text -