10 Sep
2010
10 Sep
'10
10:29 p.m.
On 05:01 pm, lvh@laurensvh.be wrote:
Right, but: a) The avatar needs to know about this timeout, since the timeout information needs to be able to make it into the HTTP response. b) The expiration time is only known to the thing that creates the access token (obviously). From the previous discussion, this is apparently ICredentialsChecker.
Is the timeout authenticated? Jean-Paul