On 02/11/2009 Artur Hefczyc wrote:

Hi,

> The problem therefore must be solved on the server side and I think
> this is the only place where it can be resolved.

I can come up with a scenario where this is solved client-side:
- the client stores a cookie that indicates if a session is active
- when starting a new session it should be set to 'true'
- when unloading the page (unload event) the cookie is set to 'false'
- at session start, the scripts should detect if the cookie is set to true.
  If so, a new session with another resource must be started. Otherwise
  the old session can be continued.

Still, from an abuse point of view, such a facility in the server might
be useful (see below).

> This is because it is actually possible to detect session conflict on the
> Bosh server side.
> Both JS clients fighting with each other for an access to the Bosh session
> have own RID counters therefore every new Bosh request from one client
> is repeated with the same RID by the other client.
>
> It is possible to detect this on the server side and terminate one of the
> clients. This is what Tigase tries to do and this also works quite
> well.

I suppose you terminate the newest client, not the oldest?

In the old (non-BOSH) version of HelpIM I had some similar problems. In
that client I stored a session id in the URL. Sending the URL to somebody
else by e.g. IM (sic) results in two bouncing sessions on two different
locations. I have seen this kind of abuse several times. Replicating the
cookies to another browser is a bit harder than replicating a URL, but
still doable. Terminating the second (new) client might prevent this.

greetings,
Winfried

--
http://www.tilanus.com
xmpp:[email protected]
tel. 015-3613996 / 06-23303960
fax. 015-3614406
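
The server-side check discussed in this message, as an added example that is not part of the original e-mail and is not Tigase's code: it flags a BOSH session whose RID is reused with a different payload or from a different client, and names the newer client for termination as suggested above. Assumptions: the class name, the `WINDOW` size, the `origin` label (some stable per-client value such as remote address plus User-Agent) and the body hash used to tell an ordinary retry from a conflict are all hypothetical.

```javascript
const crypto = require('crypto');

const WINDOW = 16; // assumed number of recent RIDs remembered per session

class RidConflictDetector {
  constructor() {
    this.sessions = new Map(); // sid -> { owner, seen: Map<rid, {hash, origin}> }
  }

  // Returns { verdict: 'accept' | 'retransmit' | 'conflict', terminate }.
  check(sid, rid, body, origin) {
    const hash = crypto.createHash('sha256').update(body).digest('hex');
    let s = this.sessions.get(sid);
    if (!s) {
      s = { owner: origin, seen: new Map() }; // first origin seen owns the session
      this.sessions.set(sid, s);
    }
    const prev = s.seen.get(rid);
    if (!prev) {
      s.seen.set(rid, { hash, origin });
      s.seen.delete(rid - WINDOW); // bound memory to the recent window
      return { verdict: 'accept', terminate: null };
    }
    // Same RID, same payload, same origin: an ordinary HTTP retry.
    if (prev.hash === hash && prev.origin === origin) {
      return { verdict: 'retransmit', terminate: null };
    }
    // Same RID reused with another payload or origin: two clients share the SID.
    // Pick whichever of the two is not the session owner (the newer client).
    const newcomer = [origin, prev.origin].find((o) => o !== s.owner) ?? null;
    return { verdict: 'conflict', terminate: newcomer };
  }
}

// Constructed sample traffic: client B copied A's session state after RID 1001.
function demo() {
  const d = new RidConflictDetector();
  const reqs = [
    ['sid-1', 1001, '<body rid="1001"/>', 'A'],
    ['sid-1', 1002, '<body rid="1002"><presence/></body>', 'A'],
    ['sid-1', 1002, '<body rid="1002"/>', 'B'], // B reuses A's RID
    ['sid-1', 1002, '<body rid="1002"><presence/></body>', 'A'], // A retries
    ['sid-1', 1003, '<body rid="1003"/>', 'B'], // B gets in first
    ['sid-1', 1003, '<body rid="1003"><message/></body>', 'A'],
  ];
  return reqs.map((r) => d.check(...r));
}

console.log(demo());
```

The last two requests show that the newer client is still the one named for termination when it happens to send a given RID before the original client does.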
