TTL for tokens

Oct 25, 2010 at 7:01 PM

Hi.

On the dev server, what is the length of time for which auth tokens are valid?

Many thanks,

Ali.

Coordinator
Oct 26, 2010 at 8:08 AM

24 hours.

Oct 26, 2010 at 12:53 PM

 

Thanks for your quick response. In production, I imagine, there are more options, e.g. non-expiring token (till user explicitly take away permissions), is that correct?

Coordinator
Oct 26, 2010 at 7:43 PM

At config.healthvault-ppe.com look at the "Misc" page.  "Automatic" sign on is really a code word for application defined expiration.  The C# SDK will take the token and create a persistent cookie. 

As far as Java goes, send "persistwctoken=true" to Shell at log-in and HV will use the configured value from config.healthvault-ppe.com for the token expiration.  You can then persist the token in a cookie (or wherever) as part of a keep-me-signed-in feature.