
Article ID: 124302, created on Jan 27, 2015, last review on Jan 27, 2015

Applies to: APS 2.x

Symptoms

This article contains general information about the APS security token generation and renewal procedure.

Resolution

In the APS security model, all interaction with the APS controller from JavaScript views is done using security tokens. A token is generated for a specific user and provides access to all resources available in that user's context.

Each time a page is loaded in the POA UI, a token is generated for the currently logged-in user. It is then stored in the aps.context.token JavaScript variable in the APS frame context.

All APS JavaScript widgets that communicate with the APS bus (aps/Store, aps/xhr) pass this token automatically.

All tokens have an expiration timeout. This prevents a malicious party from using a token if a user accidentally leaves their machine without locking it.

The default expiration timeout is 30 minutes in both POA 5.5 and 6.0.

NOTE: The token is generated when the page is loaded; we have a feature request to automatically renew it each time a token is used.
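Because the token's lifetime runs from page load and is not extended by use, a long-lived view can track the token's age itself and stop sending requests once it is stale. The following is an added example, not APS or POA code: createTokenGuard and its options (validitySeconds, skewSeconds, issuedAt, now, onExpired) are hypothetical names, and what to do on expiry (for instance reloading the page so a new token is generated) is left to the caller.

```javascript
// Added example (not part of the APS SDK). All names here are hypothetical.
// Default validity from the article: 1800 seconds (30 minutes).
const TOKEN_VALIDITY_SECONDS = 1800;

function createTokenGuard(options = {}) {
  const validityMs = (options.validitySeconds ?? TOKEN_VALIDITY_SECONDS) * 1000;
  // Safety margin: treat the token as unusable shortly before it expires,
  // so a request is not sent with a token that dies in flight.
  const skewMs = (options.skewSeconds ?? 60) * 1000;
  const now = options.now ?? (() => Date.now());
  // The token is issued when the page loads, so the guard should be created
  // at page load; issuedAt can be passed explicitly for testing.
  const issuedAt = options.issuedAt ?? now();
  const onExpired = options.onExpired ?? (() => {});

  // Time left is measured from issue time only: using the token
  // does not renew it.
  function remainingMs() {
    return Math.max(0, issuedAt + validityMs - now());
  }

  function state() {
    const left = remainingMs();
    if (left === 0) return "expired";
    if (left <= skewMs) return "expiring";
    return "valid";
  }

  // Wrap any function that sends a request carrying the token.
  // With a stale token the request is not sent; onExpired is called instead.
  function guard(requestFn) {
    return function (...args) {
      const current = state();
      if (current !== "valid") {
        onExpired(current);
        return null;
      }
      return requestFn(...args);
    };
  }

  return { remainingMs, state, guard };
}
```
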

In addition, the token expiration timeout can be changed by updating the POA database. However, on all production POA environments the timeout will always be equal to 30 minutes, and such modifications may only be attempted for testing/development purposes. Here are the timeout values (in seconds) in the POA database:

plesk=> SELECT * FROM properties WHERE name='saas.aps.security.token_validity_period';
 prop_id | pkg_id |                  name                   | default_value |                  description                  | askuser | setonce | transient | edit | private | mandatory | valtype | protected
---------+--------+-----------------------------------------+---------------+-----------------------------------------------+---------+---------+-----------+------+---------+-----------+---------+-----------
   12498 |   1971 | saas.aps.security.token_validity_period | 1800          | Validity period of security token in seconds. | n       | n       | n         | n    | n       | n         | number  | n
   12530 |   1972 | saas.aps.security.token_validity_period | 1800          | Validity period of security token in seconds. | n       | n       | n         | n    | n       | n         | number  | n
   12575 |   1974 | saas.aps.security.token_validity_period | 1800          | Validity period of security token in seconds. | n       | n       | n         | n    | n       | n         | number  | n
   12607 |   1975 | saas.aps.security.token_validity_period | 1800          | Validity period of security token in seconds. | n       | n       | n         | n    | n       | n         | number  | n
(4 rows)

Each row corresponds to an individual package imported into POA.
