Hello, Dave Cridland wrote:
>On Thu Feb 26 21:40:44 2009, Fabio Forno wrote: >> On Thu, Feb 26, 2009 at 5:05 PM, Mickael Remond >> <[email protected]> wrote: >> > With the JID you can simply reconnect to the existing running >> session >> > without having another shared state. It makes a big difference >> for large scale >> > deployment with clustering support. >> >> In this stanza? >> >> <resume xmlns='urn:xmpp:sm:0' previd='some-long-sm-id'/> >> >> Do you mean using the full jid instead of the previd or in addition? >> If it's just the jid it can work only if the server sets a resource >> with some random data, otherwise it becomes extremely easy to >> hijack a sesssion What I suggest is to have both the jid and the session id. > Because the server chooses the sm-id, it can encode the full jid into > it if needs be. My point was to avoid giving meaning to opaque data. Yes, we can do that, but if it is a good practice and a usefull information for several server, I think we can expect the XEP to promote that. -- Mickaël Rémond http://www.process-one.net/
