there is no tabcmd to expire a session. Why do you want to do this?
- Tickets my understanding are one time use. (i.e. each new report rendering needs a new ticket). Somebody correct me if I'm way off on this...
- The session is controlled by tabadmin global setting with a default of 4 hours. Changing the User Session Timeout | Tableau Software
I decrease the session timeout, but didn't kill the session.
Any idea ?
what did you decrease it to? And why do you want to kill sessions? They don't take up much in the way of resources.
Jeff, FYI tickets are not one-time use (unless you use them incorrectly ;-)
I'm just getting around to testing out multiple uses of trusted tickets. The first time I use it, the dashboard successfully renders. The second time I use it, I get the following error.
I know the wgsession sticks around, but don't think the trusted ticket sticks around. I still think it's 1-time use...
Hi Jeff, there are two different things going on here.
You originally said: Tickets my understanding are one time use. (i.e. each new report rendering needs a new ticket).
Tickets can only be redeemed once, so in that sense they're one-time. However, when you redeem the ticket, you get a session, and the session provides access to see as many views as you want, until you are signed out.
When I said "incorrect use", I was referring to redeeming the ticket each time you want to load a view. This is a common mistake people make when getting started with trusted authentication.
Hope that clarifies things!
I don't understand. What is the common "redeeming the ticket" mistake when tickets are only able to be redeemed once?
For a given user, the mistake is to redeem a ticket for every view. If your flow redeems a ticket that's already redeemed, you'll get an error (as you demonstrated above). If your flow requests a new ticket each time, this will work, but it is unnecessary.
I think what you're saying is: If a ticket has already been requested, but not yet redeemed, then just use this ticket instead of requesting a new one?
1 of 1 people found this helpful
You normally request a ticket at the time you need it (a ticket must be redeemed within a few minutes).
Here's the workflow: a user asks your web server to see a view. Your web server requests a ticket from Tableau Server, then sends the URL back to the user. The url contains the ticket and the view. After the browser does a HTTP GET with that url, the ticket is redeemed and a redirect is performed to retrieve the view.
Ticket redemption means that a session cookie is set and the user is effectively logged into Tableau Server (although it's a restricted login -- unless unrestricted trusted tickets are being used),
This workflow described here: How Trusted Authentication Works
What this doc doesn't explain well is what happens afterwards. If the user wants to see another view, they can request that view directly, without going through your web server and without requesting another trusted ticket.
Does that make sense?
Yes. This makes absolute sense now. Thanks for the explanation. And now that you say this, I do recall testing the redeem of the ticket, the session being created, the cookie syncing up to the session, and then all future requests for the session don't require a new redeem of the ticket. This was a couple years ago when I did the testing, and that knowledge must have escaped me