4

I am using the Alfresco default web script to get a ticket for a user, but I am not sure until when the obtained ticket is valid.

Also, I am extracting the ticket from the XML response obtained from the Alfresco default login web script.

Does a ticket have any expiry date, or once a ticket is obtained, will it not expire till session expiry?

j08691
Finn

2 Answers

13

The following property set on the Alfresco repository, along with its default value, configures the ticket life span to be one hour:

authentication.ticket.validDuration=P1H

You can override this property in the usual way. Meaningful values are described in the Duration class:

 * The lexical representation of duration is
 * PnYnMnDTnHnMnS.
 * 
 * P is a literal value that starts the expression
 * nY is an integer number of years followed by the literal Y
 * nM is an integer number of months followed by the literal M
 * nD is an integer number of days followed by the literal D
 * T is the literal that separates the date and time
 * nH is an integer number of hours followed by a literal H
 * nM is an integer number of minutes followed by a literal M
 * nS is a decimal number of seconds followed by a literal S

Please note that by default successful usages of a ticket will renew its validity, meaning that given a ticket validity of one hour, if you authenticate, say, a web script call using the ticket after 59m from its generation, its validity will be extended to another hour.

As the ticket lifecycle is completely configurable, have a look at the ticketComponent Spring bean defined in authentication-services-context.xml to see the available options (e.g. setting oneOff to true to only allow one single use of a given ticket).

Dark Star1
skuro
  • Thanks, but I extracted a ticket from the XML I got using the login web script, used it for web scripts, and then the server remained idle for more than 8 hours. When I came back and used the same ticket id, appended to the web script URL, it worked fine. This is my doubt: who controls this behavior, as the default is 1 hour? There must be some validation mechanism here. – Finn Sep 20 '11 at 03:39
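The duration format and the renew-on-use and oneOff behaviour described in the first answer, as an added sketch that is not part of the original thread and is not Alfresco code. The `Ticket` class, the `renew_on_use` name, the 365-day year, the 30-day month and the expiry boundary are assumptions of the example; the parser is strict to the quoted grammar, so an hours field must follow `T` (one hour is written `PT1H` here).

```python
import re
from datetime import datetime, timedelta

# Lexical form quoted in the answer: PnYnMnDTnHnMnS (seconds may be decimal).
_DURATION = re.compile(
    r"P(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)D)?"
    r"(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?)?"
)

def parse_duration(text):
    """Parse a PnYnMnDTnHnMnS string into a timedelta.

    Assumption of this sketch: a year is 365 days and a month is 30 days.
    """
    m = _DURATION.fullmatch(text)
    # Reject "P", "PT" and a dangling "T" with no time fields after it.
    if not m or not any(m.groups()) or text.endswith("T"):
        raise ValueError(f"not a valid duration: {text!r}")
    y, mo, d, h, mi, s = (float(g) if g else 0.0 for g in m.groups())
    return timedelta(days=365 * y + 30 * mo + d, hours=h, minutes=mi, seconds=s)

class Ticket:
    """Hypothetical model of one ticket's validity window."""

    def __init__(self, issued, valid_duration, renew_on_use=True, one_off=False):
        self.duration = parse_duration(valid_duration)
        self.expires = issued + self.duration
        self.renew_on_use = renew_on_use  # sliding expiry, the described default
        self.one_off = one_off            # single use, as with oneOff=true
        self.used = False

    def use(self, now):
        """Return True if the ticket is accepted at `now`."""
        # Assumption: a ticket presented exactly at its expiry time is rejected.
        if now >= self.expires or (self.one_off and self.used):
            return False
        self.used = True
        if self.renew_on_use:
            self.expires = now + self.duration  # each success restarts the clock
        return True

if __name__ == "__main__":
    issued = datetime(2011, 9, 20, 3, 0)  # constructed timestamp
    ticket = Ticket(issued, "PT1H")
    for minutes in (59, 118, 240):  # accepted, accepted, rejected
        print(minutes, ticket.use(issued + timedelta(minutes=minutes)))
```

With sliding expiry, a client that calls at least once per validity window keeps the same ticket alive indefinitely, which is why the logout call matters for anything long-running.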
5

The best way to handle Alfresco authentication tickets is to handle them manually. E.g. for getting a ticket, use the OOTB web script.

http://localhost:8080/alfresco/service/api/login?u=admin&pw=admin 

which returns a ticket such as TICKET_29ced6613a114294fa4bb9e67bf663112076f3d9 (needs to be extracted).

Now when using this ticket for any kind of operation, try to verify ticket validity using the OOTB Alfresco web script. Note that this is an HTTP GET method based web script.

GET /alfresco/service/api/login/ticket/{ticket}

http://localhost:8080/alfresco/service/api/login/ticket/TICKET_29ced6613a114294fa4bb9e67bf663112076f3d9?alf_ticket=TICKET_29ced6613a114294fa4bb9e67bf663112076f3d9

The thing to note here is that you need to authenticate this web script as well by appending ?alf_ticket={ALFRESCO_TICKET}, without which it will not work.

Finally, when you are done with your things, always log out using the OOTB Alfresco logout web script. Note that this is an HTTP DELETE method based web script.

DELETE /alfresco/service/api/login/ticket/{ticket}

http://localhost:8080/alfresco/service/api/login/ticket/TICKET_29ced6613a114294fa4bb9e67bf663112076f3d9?alf_ticket=TICKET_29ced6613a114294fa4bb9e67bf663112076f3d9

Again, you need to authenticate this web script as well by appending ?alf_ticket={ALFRESCO_TICKET}, without which it will not work.

This way you can ensure proper authentication, and the system will not be overburdened with stale tickets.

P.S. http://wiki.alfresco.com/wiki/Repository_RESTful_API_Reference#Logout

Finn
  • Is there a way to force new tickets for each user's request? We want to invoke a queue mechanism but in our testing, we find that multiple ticket requests return the same ticket. – TheNorthWes May 11 '15 at 21:50
  • Add the following setting to the alfresco-global.properties file: authentication.ticket.useSingleTicketPerUser=false – tarn May 27 '21 at 05:32