Hello John,
The token expires 3600 seconds after it was created, activity is
disregarded in this respect. Depending on the Profile token type you are
allowed to regenerate the profile token using the Generate Profile Token
From Profile Token (QSYGENFT, QsyGenPrfTknFromPrfTkn) API. Here's the
manual explanation of the Profile token type:
Profile token type INPUT; CHAR(1)
The type of the profile token to be generated.
You can specify one of the following values:
1 Single-use profile token. A single-use profile token can be used
only on the Set To Profile Token (QSYSETPT; QsySetToProfileToken) API
once and cannot be used to generate new profile tokens.
2 Multiple-use profile token. A multiple-use profile token can be
used on the Set To Profile Token (QSYSETPT; QsySetToPrfTkn) API an
unlimited number of times, but cannot be used to generate new profile
tokens.
3 Multiple-use, regenerable profile token. A multiple-use,
regenerable profile token can be used on the Set To Profile Token
(QSYSETPT; QsySetToPrfTkn) API an unlimited number of times and can be
used to generate a new single-use, multiple-use, or multiple-use,
regenerable profile token.
- And here you'll find a link to the Generate Profile Token From Profile
Token (QsyGenPrfTknFromPrfTkn) API documentation:
http://publib.boulder.ibm.com/infocenter/iseries/v5r4/topic/apis/qsygenf
t.htm
Let me know if you want some sample RPG/IV code to demonstrate the
mentioned APIs.
Best regards,
Carsten Flensburg
-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of Holmer, John
Sent: 15. april 2010 22:38
To: security400@xxxxxxxxxxxx
Subject: [Security400] Generate Profile Token Extended (QsyGenPrfTknE)
API:Token Expiration
We have created a series of web services that allow access to some
aspects of our system; these services run in the HTTP server on the i.
We have required services that modify any data to require a parameter
that is a token generated from a call to the QsyGenPrfTknE API, this API
call occurred while the user was logging into the larger web app that
consumes the iSeries web services.
My question is in regards to the expiration of the token, we pass in the
value 3600 for the parameter Time_out_interval during token creation,
but I would like to know if it always expires in an hour (for my
parameter value of 3600), or if it expires after an hour of inactivity.
If it does expire in an hour, regardless of usage, anyone know of a way
to extend the token? I would prefer to not generate a new token from
the token passed into the service, because it will be a little bit
painful for us to get that new token back into the calling web
application to be passed back again.
This communication is intended only for use by the addressee.It may contain confidential or privilegedinformation.
If you receive this communication unintentionally, please inform us immediately and delete this e-mail and any attachments.
Warning: Although we have taken reasonable precautions to ensure no viruses are present in this email, we cannot accept
responsibility for any loss or damage arising from the use of this email orattachments.
midrange.com
