Renders a hidden form field or an authentication token string to authenticate that a form was served by a trusted host.
The value of the field is a secret that is associated with the user's session. Upon receiving and verifying the secret, the server knows that the request came from a page that can be trusted.
This S-Tag supports the public REST APIs, but can be used in other contexts as well.
Note: This token cannot be used as a Single Sign-On auth token. This auth token can be used as the "auth" parameter for any API if the current user is logged in via a Password Login (as opposed to a Cookie Login), but NOT as the "sso_auth_token" parameter. Valid sso_auth_token parameters can only come from the login method or the getSingleSignOnToken methods of the Constituent API.
Application
Platform
Can You Add This S-Tag in the WYSIWYG content editor?
Yes
Format
-
Standard
[[S86:urlOnly:rewriteUrl]] -
XML
<convio:session name="86" param="urlOnly"/>
Parameters
All parameters are optional. When using this S-Tag without parameters, a hidden input field renders with a name of "auth" and a value of the token string.
-
urlOnly - Valid values are true or false. true renders the auth Token string only. false is the same as calling [[S86]].
-
rewriteUrl - Valid value is rewrite. This parameter runs the auth token string through the URL rewriting process to append the Session ID at the end of the token string. This is valid only when the urlOnly parameter is set to true.
Sample Code
In the following examples, the long string of characters represents the generated auth token that will be unique for every session.
[[S86]] or [[S86:false]] renders:
<input value="mqNoHO5Lxx0_ct1kSklhvQbdcl42yWWmKgXxLIDm0FzJzt3zhuhuQYMqmit86J6tC-7AWcXaHcA." name="auth" id="auth" type="hidden"></input>
[[S86:true]] renders:
mqNoHO5Lxx0_ct1kSklhvQbdcl42yWWmKgXxLIDm0FzJzt3zhuhuQYMqmit86J6tC-7AWcXaHcA.
[[S86:true:rewrite]] renders:
mqNoHO5Lxx0_ct1kSklhvQbdcl42yWWmKgXxLIDm0FzJzt3zhuhuQYMqmit86J6tC-7AWcXaHcA.&JServSessionIdr005=4lzcry4xu1.app8007