Wowza Community

SecureToken 2 endtime bug

Hello,

I have a big problem related to wowzatokenendtime parameter. I want that my HLS streaming url expire after 1 minute to ensure the safety of streaming.

I managed to do this, but SecureToken2 stops the streaming being executed after 1 minute, even if the ClientIP and the SessionID have been accepted. Therefore, it blocks the media .TS

This makes no sense, because the ClientIP and the sessionID are the same. It should block only new connections that trying to use the same url. As it is, I cannot have a URL that expires after 1 minute with videos that have duration of 2 minutes, for example. What the meaning of using the endtime then?

INFO server comment 2015-02-02 10:34:19 - - - - - 580.477 - - - - - - - - [vod/definst]ModuleCoreSecurity:current time stamp: 1422880459

INFO server comment 2015-02-02 10:34:19 - - - - - 580.477 - - - - - - - - [vod/definst]ModuleCoreSecurity:sessionId: 968354989

INFO server comment 2015-02-02 10:34:19 - - - - - 580.478 - - - - - - - - [vod/definst]ModuleCoreSecurity:hashReceived: 7HBwm70pLsge1a6avZ5aVKPBPCvwkvxE-4pc8Y1Wr9c=

INFO server comment 2015-02-02 10:34:19 - - - - - 580.478 - - - - - - - - [vod/definst]ModuleCoreSecurity:using exsisting httpToken for SessonId:968354989 uri:/vod/mp4:sample.mp4/media_w968354989_tkbG9jYWxtQXV0aHN0YXJ0dGltZT0xNDIyODgwMzkzJmxvY2FsbUF1dGhlbmR0aW1lPTE0MjI4ODA0NTMmbG9jYWxtQXV0aGNwZj0xMTEuMTExLjExMS0xMSZsb2NhbG1BdXRoaGFzaD03SEJ3bTcwcExzZ2UxYTZhdlo1YVZLUEJQQ3Z3a3Z4RS00cGM4WTFXcjljPQ==_16.ts

INFO server comment 2015-02-02 10:34:19 - - - - - 580.478 - - - - - - - - [vod/definst]ModuleCoreSecurity:client IP: 89.196.49.194

INFO server comment 2015-02-02 10:34:19 - - - - - 580.478 - - - - - - - - [vod/definst]ModuleCoreSecurity:hashCalculated: 7HBwm70pLsge1a6avZ5aVKPBPCvwkvxE-4pc8Y1Wr9c=

INFO server comment 2015-02-02 10:34:19 - - - - - 580.479 - - - - - - - - [vod/definst]ModuleCoreSecurity:string hashed: vod/mp4:sample.mp4?8e43a7c99a5efe59&Authendtime=1422880453&Authstarttime=1422880393

INFO server comment 2015-02-02 10:34:19 - - - - - 580.479 - - - - - - - - [vod/definst]ModuleCoreSecurity:token start time stamp: 1422880393

INFO server comment 2015-02-02 10:34:19 - - - - - 580.479 - - - - - - - - [vod/definst]ModuleCoreSecurity:token end time stamp: 1422880453

INFO server comment 2015-02-02 10:34:19 - - - - - 580.479 - - - - - - - - [vod/definst]SecureTokenDef:current time, 1422880459, is after token end time, 1422880453

I await solution. Other tokens as Akamai and WMSpanel (wmsAuth) have the endtime working properly.

Regards,

Hi,

The end time parameter is setting the end of validity for the secure token. Since the Secure Token generated is no longer valid after the end time parameter, the streaming session will stop.

What you are suggesting is to have an end time for validating the start of a stream. After the end time has passed, you would like to stop other sessions using the same token to start that stream, but the existing sessions to keep playing back the content using the same token.

Is my understanding correct?

Zoran

Hi,

IMHO is not bug.

We are TV Broadcaster, and not all our content can be broadcast for the whole world.

In my case, live streaming, is allows to realize geolock correctly.

Hi,

The end time parameter is setting the end of validity for the secure token. Since the Secure Token generated is no longer valid after the end time parameter, the streaming session will stop.

What you are suggesting is to have an end time for validating the start of a stream. After the end time has passed, you would like to stop other sessions using the same token to start that stream, but the existing sessions to keep playing back the content using the same token.

Is my understanding correct?

Zoran

Hello Zoran,

Thanks for your reply.

Yes, with RTMP I don’t have this problem because the streaming is valid until the end of video playback, even if the url/session expires. However, in HLS, as the video is divided into several chunks .TS, if I set the lower wowzatokenendtime that the length of the video, it will stop video playback.

It makes sense for you stop playing back the content at the expiration of url? For me the correct functioning is to stop only new connections/sessions.

Hi,

Yes, since each of the TS chunks from the Apple HLS stream are requested by the client player, and each request is using the same secure token information, after the end time has passed, that token information is no longer valid so the playback will not continue.

I will make sure to send this use-case to our engineers to take it into consideration for a future Wowza release that would take into account the stream playback validity end time and stream start validity time.

Zoran

Thanks Zoran. Can you include this in the next release? I need to use this module and it don’t have use with this bug.

Hi,

Feature requests that are added to our backlog are reviewed and considered for future versions of Wowza Streaming Engine.

At this time I can’t confirm if this will be added or any timescales for it’s release should it be added in the future.

Thank you for the feedback.

Regards,

Jason

Hi,

Yes, since each of the TS chunks from the Apple HLS stream are requested by the client player, and each request is using the same secure token information, after the end time has passed, that token information is no longer valid so the playback will not continue.

I will make sure to send this use-case to our engineers to take it into consideration for a future Wowza release that would take into account the stream playback validity end time and stream start validity time.

Zoran

hi any update on this?

@Tomoaki Isono

Hi,

The version I’m using is 4.7.8 (build 2019110512392).

I’ve run into the same problem. It doesn’t seem to have been resolved yet. You need to add the length of the video to the time you can play it.

Hi,

The version I’m using is 4.7.8 (build 2019110512392).

I’ve run into the same problem. It doesn’t seem to have been resolved yet. You need to add the length of the video to the time you can play it.

I wanted to protect my video content from Hls downloader, which is a Chrome extension.

We reproduce this problem in HLS.js,
but the Using MPEG-DASH (shaka-player.js), this problem seems to be solved.

@Tom-Isono
Hi,

The version I’m using is 4.7.8 (build 2019110512392).

I’ve run into the same problem. It doesn’t seem to have been resolved yet. You need to add the length of the video to the time you can play it.

The current version doesn’t seem to solve this problem, you have to take into account the length of the video in HLS, and you can easily download(HLS downloarder) the TS file by adding a Chrome extension. It’s a shame I haven’t been able to solve it.