The Secure Token feature provides a robust method for controlling access to your video content. As part of its configuration, the session policy option helps manage how long a URL remains valid when using token-based authentication. Two session policy modes are available: Fixed and Moving.

1. Fixed Session Policy

In the fixed session policy, the session remains valid until the token expiration time, regardless of user activity. Once the token expires, all further requests will be invalid, and the session will be terminated.

URL Validity

• The URL remains valid until the token expiration time is reached, no matter when the initial request is made.
• After the token expires, the URL becomes invalid, and no further requests will be accepted.

2. Moving Session Policy

In a moving session policy, the URL remains valid as long as the user interacts with the content within the token expiration window. Each subsequent request (such as seeking within the video) must be made before the token expires to extend the session’s validity.

URL Validity

• The URL is valid when the first request is made within the token expiration time.
• Each subsequent request must also be made within the token expiration window for the session to continue.
• If the token expires before the next request, the session will terminate, and the URL will become invalid.

Implementation Notes:

• Choose the fixed session policy for scenarios where session control is based purely on time.
• Use the moving session policy for more dynamic scenarios where user engagement determines session length.

This configuration ensures that your video content is securely managed, with flexibility in how sessions are handled.