Hmm. The way a private video works is that the token is good for ONE play. Once it is played, any subsequent request will get a 404 error.
That said - it probably depends where you are caching. If the webpage is in the users’ local cache, it will play again- as long as the window has not been closed (the session is cookie based - so as long as the cookie in the user’s browser is still there - it’ll work!)
Caching on a CDN/your server - well, now the video is not ‘private’ to one user - any request for this page will have the private video URL, and more than one person will get the token. So this will not work.
It appears that the private token is working as designed: to require an API call for each time the video is served. But let’s think about workarounds -
- Could you cache the page - and serve a dynamically created iframe?
- Use your authentication to verify users, and remove the private token for the video?
Have any other folks come up with a workaround for this issue?