On 02/11/2009 Artur Hefczyc wrote: Hi,
> > I suppose you terminate the newest client, not the oldest? In the old
>
> I terminate the oldest client because a normal use-case scenario
> is that the user opens a new tab or window and still wants to be able
> to use the client. Terminating the newest client would make it impossible.

In a normal use-case scenario, we have BOSH-clients we have written ourselves. So we can add the logic to handle opening a new tab the way we like. So I think it is best to handle this case client side.

> > (non-BOSH) version of HelpIM I had some similar problems. In that client
> > I stored a session id in the URL. Sending the URL to somebody else by
> > e.g. IM (sic) results in two bouncing sessions on two different
> > locations. I have seen this kind of abuse several times. Replicating the
> > cookies to another browser is a bit harder than replicating a URL, but
> > still doable. Terminating the second (new) client might prevent this.
>
> Hm, this is a problem indeed, but I believe that this actually is a client
> side problem to solve.

We are talking about an abusive client here, so we can't rely on the client to avoid collisions / bouncing / hijacking. With some kind of script debugger it is usually easy to modify the behaviour of your scripts. So I believe this is the case we should handle server-side.

greetings,

Winfried

--
http://www.tilanus.com
xmpp:[email protected]
tel. 015-3613996 / 06-23303960
fax. 015-3614406
