Session Token

Retrieves the session token generated after successful license validation.

Session tokens are created automatically when ValidateKey() succeeds.

Signature

std::string GetSessionToken() const;

Parameters

None - This function takes no parameters.

Returns

Type: std::string

Value

Description

Non-empty string

Valid session token

Empty string

No active session (not authenticated)

Description

The session token is a JWT (JSON Web Token) that represents an authenticated session. It is:

Generated by the server after successful license validation
Stored internally by the library
Used for subsequent authenticated requests
Time-limited (expires after period of inactivity)

You must call ValidateKey() successfully before a session token is available.

Basic Example

qPapel::ProtectedAuth auth;
auth.Init(config);
auth.SendHeartbeat();

if (auth.ValidateKey(licenseKey)) {
    std::string token = auth.GetSessionToken();
    
    if (!token.empty()) {
        std::cout << "Session Token: " << token << std::endl;
    }
}

Use Cases

if (auth.ValidateKey(licenseKey)) {
    std::string token = auth.GetSessionToken();
    std::cout << "Authenticated!" << std::endl;
    std::cout << "Session: " << token << std::endl;
}

std::string sessionToken;

if (auth.ValidateKey(licenseKey)) {
    sessionToken = auth.GetSessionToken();
    // Store token for session management
}

// Later, check if session is active
if (!sessionToken.empty()) {
    std::cout << "Active session: " << sessionToken << std::endl;
}

if (auth.ValidateKey(licenseKey)) {
    std::string token = auth.GetSessionToken();
    
    // Log authentication event
    std::ofstream logFile("auth.log", std::ios::app);
    logFile << "[" << GetCurrentTime() << "] "
            << "User authenticated. Token: " << token << std::endl;
    logFile.close();
}

Session Token Format

The session token is a JWT with the following structure:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsaWNlbnNlX2tleSI6IlhYWFgtWFhYWC1YWFhYLVhYWFgiLCJleHAiOjE3MDYxMjM0NTZ9.signature

{
  "a*g": "*f-f256",
  "-y*": "J**T"
}

Session Lifecycle

Token Creation

User calls ValidateKey(licenseKey)
Server validates license
Server generates JWT token
Token is returned and stored internally

Token Storage

Token is stored in memory by the library
Retrieved with GetSessionToken()
Not persisted to disk automatically

Token Expiration

Tokens expire after period of inactivity
Default expiration: 24 hours
Expired tokens require re-validation

Token Renewal

To renew an expired token:

// Re-validate license
if (auth.ValidateKey(licenseKey)) {
    std::string newToken = auth.GetSessionToken();
    std::cout << "Token renewed: " << newToken << std::endl;
}

Checking Session Status

std::string token = auth.GetSessionToken();

if (token.empty()) {
    std::cout << "No active session. Please authenticate." << std::endl;
    
    // Prompt for license key
    std::string licenseKey;
    std::cout << "Enter license key: ";
    std::cin >> licenseKey;
    
    if (auth.ValidateKey(licenseKey)) {
        token = auth.GetSessionToken();
        std::cout << "Session created: " << token << std::endl;
    }
} else {
    std::cout << "Active session found: " << token << std::endl;
}

Security Considerations

Do not expose session tokens publicly

Session tokens should be treated as sensitive credentials.

Do not store tokens in plain text files
Do not log tokens in production
Clear tokens on application exit

Error Handling

if (auth.ValidateKey(licenseKey)) {
    std::string token = auth.GetSessionToken();
    
    if (token.empty()) {
        std::cerr << "Warning: Validation succeeded but no token received" << std::endl;
        // This should not happen in normal operation
    } else {
        std::cout << "Token: " << token << std::endl;
    }
} else {
    // No token available - validation failed
    std::cerr << "Authentication failed: " << auth.GetLastError() << std::endl;
}

Best Practices

Session Management

Check token exists before assuming authenticated
Re-validate if token is empty
Handle token expiration gracefully
Clear tokens on logout

Example: Session Manager

class SessionManager {
private:
    qPapel::ProtectedAuth& auth;
    std::string currentToken;
    
public:
    SessionManager(qPapel::ProtectedAuth& authInstance) 
        : auth(authInstance) {}
    
    bool IsAuthenticated() {
        currentToken = auth.GetSessionToken();
        return !currentToken.empty();
    }
    
    bool Authenticate(const std::string& licenseKey) {
        if (auth.ValidateKey(licenseKey)) {
            currentToken = auth.GetSessionToken();
            return true;
        }
        return false;
    }
    
    void Logout() {
        currentToken.clear();
    }
    
    std::string GetToken() const {
        return currentToken;
    }
};

ValidateKey - Validate license and create session
GetKeyInfo - Get license details

PreviousKey Information

Last updated 4 hours ago

Signature

Parameters

Returns

Description

Basic Example

Use Cases

Session Token Format

Session Lifecycle

Token Creation

Token Storage

Token Expiration

Token Renewal

Checking Session Status

Security Considerations

Error Handling

Best Practices

Related Functions