On Thu Feb 26 21:40:44 2009, Fabio Forno wrote:
On Thu, Feb 26, 2009 at 5:05 PM, Mickael Remond
<[email protected]> wrote:
> With the JID you can simply reconnect to the existing running
session
> without having another shared state. It makes a big difference
for large scale
> deployment with clustering support.
In this stanza?
<resume xmlns='urn:xmpp:sm:0' previd='some-long-sm-id'/>
Do you mean using the full jid instead of the previd or in addition?
If it's just the jid it can work only if the server sets a resource
with some random data, otherwise it becomes extremely easy to
hijack a
sesssion
Because the server chooses the sm-id, it can encode the full jid into
it if needs be.
Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
