SecureToken 2 endtime bug

Carlos_Prata · February 3, 2015, 10:10am

Hello,

I have a big problem related to wowzatokenendtime parameter. I want that my HLS streaming url expire after 1 minute to ensure the safety of streaming.

I managed to do this, but SecureToken2 stops the streaming being executed after 1 minute, even if the ClientIP and the SessionID have been accepted. Therefore, it blocks the media .TS

This makes no sense, because the ClientIP and the sessionID are the same. It should block only new connections that trying to use the same url. As it is, I cannot have a URL that expires after 1 minute with videos that have duration of 2 minutes, for example. What the meaning of using the endtime then?

INFO server comment 2015-02-02 10:34:19 - - - - - 580.477 - - - - - - - - [vod/definst]ModuleCoreSecurity:current time stamp: 1422880459

INFO server comment 2015-02-02 10:34:19 - - - - - 580.477 - - - - - - - - [vod/definst]ModuleCoreSecurity:sessionId: 968354989

INFO server comment 2015-02-02 10:34:19 - - - - - 580.478 - - - - - - - - [vod/definst]ModuleCoreSecurity:hashReceived: 7HBwm70pLsge1a6avZ5aVKPBPCvwkvxE-4pc8Y1Wr9c=

INFO server comment 2015-02-02 10:34:19 - - - - - 580.478 - - - - - - - - [vod/definst]ModuleCoreSecurity:using exsisting httpToken for SessonId:968354989 uri:/vod/mp4:sample.mp4/media_w968354989_tkbG9jYWxtQXV0aHN0YXJ0dGltZT0xNDIyODgwMzkzJmxvY2FsbUF1dGhlbmR0aW1lPTE0MjI4ODA0NTMmbG9jYWxtQXV0aGNwZj0xMTEuMTExLjExMS0xMSZsb2NhbG1BdXRoaGFzaD03SEJ3bTcwcExzZ2UxYTZhdlo1YVZLUEJQQ3Z3a3Z4RS00cGM4WTFXcjljPQ==_16.ts

INFO server comment 2015-02-02 10:34:19 - - - - - 580.478 - - - - - - - - [vod/definst]ModuleCoreSecurity:client IP: 89.196.49.194

INFO server comment 2015-02-02 10:34:19 - - - - - 580.478 - - - - - - - - [vod/definst]ModuleCoreSecurity:hashCalculated: 7HBwm70pLsge1a6avZ5aVKPBPCvwkvxE-4pc8Y1Wr9c=

INFO server comment 2015-02-02 10:34:19 - - - - - 580.479 - - - - - - - - [vod/definst]ModuleCoreSecurity:string hashed: vod/mp4:sample.mp4?8e43a7c99a5efe59&Authendtime=1422880453&Authstarttime=1422880393

INFO server comment 2015-02-02 10:34:19 - - - - - 580.479 - - - - - - - - [vod/definst]ModuleCoreSecurity:token start time stamp: 1422880393

INFO server comment 2015-02-02 10:34:19 - - - - - 580.479 - - - - - - - - [vod/definst]ModuleCoreSecurity:token end time stamp: 1422880453

INFO server comment 2015-02-02 10:34:19 - - - - - 580.479 - - - - - - - - [vod/definst]SecureTokenDef:current time, 1422880459, is after token end time, 1422880453

I await solution. Other tokens as Akamai and WMSpanel (wmsAuth) have the endtime working properly.

Regards,

Zoran · February 3, 2015, 5:57pm

Hi,

The end time parameter is setting the end of validity for the secure token. Since the Secure Token generated is no longer valid after the end time parameter, the streaming session will stop.

What you are suggesting is to have an end time for validating the start of a stream. After the end time has passed, you would like to stop other sessions using the same token to start that stream, but the existing sessions to keep playing back the content using the same token.

Is my understanding correct?

Zoran

Denis_Gaida · February 12, 2015, 9:10pm

Hi,

IMHO is not bug.

We are TV Broadcaster, and not all our content can be broadcast for the whole world.

In my case, live streaming, is allows to realize geolock correctly.

Carlos_Prata · February 3, 2015, 1:37pm

Hi,

The end time parameter is setting the end of validity for the secure token. Since the Secure Token generated is no longer valid after the end time parameter, the streaming session will stop.

What you are suggesting is to have an end time for validating the start of a stream. After the end time has passed, you would like to stop other sessions using the same token to start that stream, but the existing sessions to keep playing back the content using the same token.

Is my understanding correct?

Zoran

Hello Zoran,

Thanks for your reply.

Yes, with RTMP I don’t have this problem because the streaming is valid until the end of video playback, even if the url/session expires. However, in HLS, as the video is divided into several chunks .TS, if I set the lower wowzatokenendtime that the length of the video, it will stop video playback.

It makes sense for you stop playing back the content at the expiration of url? For me the correct functioning is to stop only new connections/sessions.

Carlos_Prata · February 5, 2015, 9:22am

Hi,

Yes, since each of the TS chunks from the Apple HLS stream are requested by the client player, and each request is using the same secure token information, after the end time has passed, that token information is no longer valid so the playback will not continue.

I will make sure to send this use-case to our engineers to take it into consideration for a future Wowza release that would take into account the stream playback validity end time and stream start validity time.

Zoran

Thanks Zoran. Can you include this in the next release? I need to use this module and it don’t have use with this bug.

Jason_Hilton · February 5, 2015, 3:08pm

Hi,

Feature requests that are added to our backlog are reviewed and considered for future versions of Wowza Streaming Engine.

At this time I can’t confirm if this will be added or any timescales for it’s release should it be added in the future.

Thank you for the feedback.

Regards,

Jason

Zoran · February 3, 2015, 7:40pm

Hi,

Yes, since each of the TS chunks from the Apple HLS stream are requested by the client player, and each request is using the same secure token information, after the end time has passed, that token information is no longer valid so the playback will not continue.

I will make sure to send this use-case to our engineers to take it into consideration for a future Wowza release that would take into account the stream playback validity end time and stream start validity time.

Zoran

Andres_Lopezvictori1 · April 26, 2018, 10:42pm

hi any update on this?

Tomoaki_Isono · April 26, 2020, 12:38am

@Tomoaki Isono

Hi,

The version I’m using is 4.7.8 (build 2019110512392).

I’ve run into the same problem. It doesn’t seem to have been resolved yet. You need to add the length of the video to the time you can play it.

Tomoaki_Isono · April 26, 2020, 12:39am

Hi,

The version I’m using is 4.7.8 (build 2019110512392).

I’ve run into the same problem. It doesn’t seem to have been resolved yet. You need to add the length of the video to the time you can play it.

I wanted to protect my video content from Hls downloader, which is a Chrome extension.

We reproduce this problem in HLS.js,
but the Using MPEG-DASH (shaka-player.js), this problem seems to be solved.

Tomoaki_Isono · April 26, 2020, 12:37am

@Tom-Isono
Hi,

The version I’m using is 4.7.8 (build 2019110512392).

I’ve run into the same problem. It doesn’t seem to have been resolved yet. You need to add the length of the video to the time you can play it.

Tomoaki_Isono · April 26, 2020, 12:21am

The current version doesn’t seem to solve this problem, you have to take into account the length of the video in HLS, and you can easily download(HLS downloarder) the TS file by adding a Chrome extension. It’s a shame I haven’t been able to solve it.

Topic		Replies	Views
How can implement security feature where the link is set to expire in 30 minutes yet once user clicked play within the 30 minutes the video can be played in full? Wowza Streaming Engine	1	1873	August 20, 2020
Wowza secure token valid end time Wowza Streaming Engine security	1	2574	June 12, 2020
SecureToken protection in Wowza Streaming Engine - HLS Wowza Streaming Engine	1	1790	April 15, 2018
Please help me with secure token Wowza Streaming Engine security	0	1886	April 26, 2018
Secure url with parameters in wowza 2 Wowza Streaming Engine	1	1927	October 30, 2015

SecureToken 2 endtime bug

Related topics