The token the service (either Cognito Identity or STS, depending on the params you used) generates has its own expiration.If you manually overwrite the , which determines how long the credentials are valid for.C i am using above solution in My Logout Action class while users performs log out, i tested this in Mozill Firefox 17.0.1 .I write all the above headers and then invalidate the session.now if the user clicks the back button to go back to the welcome page.He stays on the same "show user details" page, because of the This is working perfectly. and i'm invalidating the session in logout.jsp, when clicked, it checks for some token attribute (which is set when the user logs in), and if it doesn't find it, it redirects to the login page.There isn't anything else we can do from the SDK side to cause the service to return this error.In order to keep the authenticated state and track the users progress within the web application, applications provide users with a session identifier (session ID or token) that is assigned at session creation time, and is shared and exchanged by the user and the web application for the duration of the session (it is sent on every HTTP request). With the goal of implementing secure session IDs, the generation of identifiers (IDs or tokens) must meet the following properties: The name used by the session ID should not be extremely descriptive nor offer unnecessary details about the purpose and meaning of the ID. Therefore, the session ID name can disclose the technologies and programming languages used by the web application.
When one SWF file disconnects, Live Cycle Data Services cannot invalidate the HTTP session.
Expiry date is not configurable and waiting an hour for the token to expire is a lot of time wasted when debugging. In that case the credentials will get renewed in the next request and only after that we can continue with the API Gateway request.
The issue we are having is that for each request through AWS API Gateway we need to get credentials ( we'd like to implement a logic that would wait for the credentials to be reloaded and then continue with the API Gateway request, but for that we'd need an easy way to invalidate the session token (or to simulate this in other way). But not being able to set expiry time manually means that if we want to handle this "get request - So, the error you're seeing is coming from a service, it isn't one that the SDK itself generates.
RTMP channels connect to individual SWF files, so when the connection is closed, the associated Flex Session is invalidated.
This is not the case with HTTP-based channels because HTTP is a stateless protocol.