Hi,

The problem therefore must be solved on the server side and I think
this is the only place where it can be resolved.

I can come up with a scenario where this is solved client-side:

I know that this can be solved on the client side too. However,
since I cannot be sure if all web clients can work this out, I need
a mechanism to detect this on the server side too.


- the client stores a cookie that indicates if a session is active
- when starting a new session it should be set to 'true'
- when unloading the page (unload event) the cookie is set to 'false'
- at session start, the scripts should detect if the cookie is set to
true. If so, a new session with another resource must be started.
Otherwise the old session can be continued.

Yes, I think this is a good idea. It also opens opportunities to a few
more nice features on the client side.....

Still, from an abuse point of view, such a facility in the server might
be useful (see below).

Indeed.

I suppose you terminate the newest client, not the oldest? In the old

I terminate the oldest client because a normal use-case scenario
is that the user opens a new tab or window and still wants to be able
to use the client. Terminating the newest client would make it impossible.

(non-BOSH) version of HelpIM I had some similar problems. In that client
I stored a session id in the URL. Sending the URL to somebody else by
e.g. IM (sic) results in two bouncing sessions on two different
locations. I have seen this kind of abuse several times. Replicating the
cookies to another browser is a bit harder than replicating a URL, but
still doable. Terminating the second (new) client might prevent this.

Hm, this is a problem indeed, but I believe that this actually is a client side
problem to solve.

Artur
--
Artur Hefczyc
http://www.tigase.org/
http://artur.hefczyc.net/
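
The cookie-flag scheme listed in the message above, as an added example that is not part of the original thread or of any client discussed in it. The cookie jar is simulated with a Map so the logic runs outside a browser; the names sessionActive, resource, startSession and onUnload are hypothetical. It also walks through one case where a single boolean flag is not enough, which is the kind of gap a server-side check would still have to cover.

```javascript
// Constructed simulation: `jar` stands in for the browser cookie store
// (document.cookie); all names here are hypothetical.
function makeJar() { return new Map(); }

let counter = 0;
function newResource() { return "res-" + (++counter); }

// Run at session start. If the flag is 'true' another page is assumed to be
// live, so a new session with another resource is started; otherwise the
// stored session is continued.
function startSession(jar) {
  const active = jar.get("sessionActive") === "true";
  const stored = jar.get("resource");
  let resource, resumed;
  if (active || !stored) {
    resource = newResource();
    resumed = false;
  } else {
    resource = stored;
    resumed = true;
  }
  jar.set("resource", resource);
  jar.set("sessionActive", "true");
  return { resource, resumed };
}

// Run from the page's unload handler.
function onUnload(jar) { jar.set("sessionActive", "false"); }

// Three page loads sharing one cookie jar.
function demo() {
  counter = 0;
  const jar = makeJar();
  const a = startSession(jar); // first page: fresh resource
  const b = startSession(jar); // second tab while A is live: another resource
  onUnload(jar);               // tab A closes and clears the flag; B is still live
  const c = startSession(jar); // third tab sees 'false' and continues B's session
  return { a, b, c, collision: c.resource === b.resource };
}

console.log(demo());
```

A page that closes without firing unload leaves the flag at 'true', which only costs a resumed session; the collision in the last step is the case the flag cannot detect on its own.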
