[en] About Session Management
[en] Proper session management is crucial for flows that require consuming client services. In most cases, integration with the Veritran solution does not include a login form, making it necessary to share some mechanism to validate the origin of the requests.
[en] The Veritran Platform allows integration with various session management solutions, such as shared tokens, cookies, or HTTP headers. Additionally, advanced authentication mechanisms, such as OpenID Connect, private SSO, and SAML, can be integrated, provided this is agreed upon in advance with the commercial and project teams.
[en] Integration with Shared Tokens
[en] When using a shared token, take into account the following considerations:
[en] If the token is shared via cookies, the Veritran solution must be hosted on a subdomain of the client's application, and the cookie name must be agreed upon by both parties.
[en] If the token is shared as a parameter, the name of the parameter containing the token must be agreed upon by both parties.
[en] Session Expiry Management
[en] The Veritran solution manages its own session, which has an expiry mechanism. Below are some common ways to manage a session expiry event:
[en] Display a message indicating that the session has expired.
[en] Redirect the user to a specific page.
[en] Emit events that allow the container page (in the case of using an iframe) to take action to renew the token.
[en] Automatically renew the token when consuming services.
Nota
[en] If none of the solutions above are suitable, additional options can be explored in collaboration with the commercial and project teams.