Manual session revocation
The solution’s library comes with a dedicated class that can be used to block any session ID that has been previously created with the use of revoke method as shown in the Example of Session Revocation code. You can submit block instructions against individual sessions from any environment provided that the role used to make API call towards DynamoDB has the right set of permissions to insert new entries into the table. When initiating Session class for the purpose of revoking individual session you also need to initialize it with the correct table name corresponding to the created stack. You can find that name in stacks’ CloudFormation output tab. How you derive the session IDs that must be blocked is subject to your own processes and due diligence. Third party A/B watermarking solution can be a viable solution to provide this type of intel. Through forensic analysis of the redistributed stream using non-authorized channels you are able to identify the original source of that stream. If that stream is token protected with session ID included, you can create a mapping of the A/B watermark identifier with session ID at the time of generating playback URL and use that one-to-one correlation to respond with the blocking action against the source of the illegally redistributed stream. Manual session revocation also allows you to respond to link-sharing occurrences through publicly accessible forums and social media. Lastly, because the session ID is retrievable from the URL path, you can build your own detection mechanism responsible for tracking session level anomalies and pick on the patterns that you recognize as a signal for malicious activity.
