What is the best way to find out if the current session ticket is still valid?

Question

question

Kim Strasser asked Sep 21, '21

What is the best way to find out if the current session ticket is still valid?

I'm not sure if I should check every time before an API is called in the client code if the current session ticket is still valid or if I should just call the desired API and then return "Not Authenticated" if the current session ticket is no more valid. When it returns "Not Authenticated", then I would call PlayFabClientAPI.LoginWithIOSDeviceID or PlayFabClientAPI.LoginWithAndroidDeviceID and after that I would call the desired API again.

Is it possible to find out somehow in the client if the current session ticket is still valid before I would call the desired API? Should I always check the current session ticket before I call the desired API?

Or is it better to call the desired API immediately without checking the current session ticket? In this case I would only execute additional code if the session ticket is no more valid.

In addition, what happens if the player uses two devices in my game? For example, the player plays on device 1, then 2 hours later he plays with the same account on device 2. 4 hours later, the player plays my game again on device 1.

What happens when the player wants to play again on his device 1? Is the current session ticket from device 1 still valid or is it no more valid because the player has used device 2 before playing again on device 1?

Authentication

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 1 · 2021-09-22T09:48:25Z

Rick Chen answered Sep 22, '21

>> Is it possible to find out somehow in the client if the current session ticket is still valid before I would call the desired API?

The login result contains the EntityTokenResponse, which contains the Token Expiration. The session ticket expiration is the same as the token expiration. You can cache the Token Expiration when the client login, then comparing the current time with the expiration time to check if the ticket is still valid.

>> In addition, what happens if the player uses two devices in my game?

Each device will have its own session ticket and Token Expiration, both are valid. The player can call the PlayFab APIs with either session ticket. You can do a quick test using Postman.

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 2 · 2021-09-21T23:10:28Z

Michael E Ortiz answered Sep 21, '21

I am new to PlayFab, and I have had similar questions, and so has so many other people. Here is my understanding.

Your Session Ticket is good for 24 hours. There is no way to invalidate a session once it is created. You just have to let it expire. If a device was left on, you'd need to create code in your game/software to force users to log in again or stealth log in for the user to generate a new Session Ticket. Having the user need to log in once they start your game or app is a good way to create a New Session Ticket, so there isn't a worry that the Session Ticket is old.

Here is where it get's crazy and a little odd for us game developers. Other devices can log on and create multiple Session Tickets, and they will all be good for 24 hours as well, and all those other devices have the ability to access and modify the PlayFab account data all at the same time since they all have their own unique Session Tickets! So be aware of this when making your software.

Just because one device logs in, it doesn't prevent or log off other devices. (It's not like an MMO where if someone logged into your account, they'd log you off)

The creators of PlayFab has made it clear that it is up to us to create our own system in our games/software to force only one "active" user at a time. You will have to get creative with your code and PlayFab to do this.

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

question