Dear Rolf
Your fine explanation of token usage in an IIS environment is similar to that of our SAG consultant. I haven?t tried testing with multiple clients firing requests simultaneously without setting the token to the session id, but I?m sure you are right.
Instead I have run my test (once again) where I change the value of the token (initially set to the session id) during a session, expecting an error. And this time I do an error:
0080003 Acces Denied Password not authorized
Perhaps this is even the same error as if a thread change had taken place without assigning the token parameter?
I have no idea why I didn?t get this error in my first test run, but I?m sure I?m the one to blame, so what can I say: About token and security token, you were right, I was wrong.
Best regards,
Michael Brandt Lassen