Strope Attach 和 Ejabberd 的会话恢复问题

发布于 2024-08-28 19:14:26 字数 544 浏览 6 评论 0原文

我很难让 strope 的“attach()”功能正常工作。

我正在开发一个社交网络,用户将在其中浏览页面,同时保持聊天连接。我不想在每个页面上重新连接/重新授权,因此按照此链接,http://groups.google.com/group/strope/browse_thread/thread/430da5e788278f3a/93c48c88164f382f?show_docid=93c48c88164f382f&fwc=1,我正在存储 SID 和卸载时将 RID 写入 cookie。

在下一页上,当我尝试使用新的 SID 和 RID(将其增加 1 后)时,我的会话已经被销毁。 Ejabberd 报告“HTTP put 错误。原因:bad_key”

发生了什么?

I'm having a lot of difficulty getting strophe's 'attach()' function working.

I am working on a social network where users will be surfing pages and at the same time keep their chat connection on. I don't want to reconnect/reauthorize on every page so as per this link, http://groups.google.com/group/strophe/browse_thread/thread/430da5e788278f3a/93c48c88164f382f?show_docid=93c48c88164f382f&fwc=1, i am storing the SID and RID into a cookie onunload.

On the next page when i try to use the new SID and RID (after incrementing it by 1) my session is already destroyed. Ejabberd reports "Error on HTTP put. Reason: bad_key"

WTF is happening?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

甜宝宝 2024-09-04 19:14:26

如果没有来自 ejabberd 或 Firebug 的更多日志信息,这将很难诊断。 cookie 中是否实际存储了正确的 RID? ejabberd 认为您发送的最后一节是什么,它的 RID 值是多少?新页面上的第一节和第一个 RID 值是什么?这两节之间间隔多长时间?

更新:会话被取消的原因是 BOSH 的安全模型。实际上,SID 和 RID 对是保密的。如果您认识该对,则可以附加到会话。为了防止人们能够猜测,RID是从一个非常大的空间中随机选取的。如果您在当前 RID 的非常小的窗口之外发送 RID,它将断开会话。窗口通常为(RID,RID+5)左右。

Without more logging information from ejabberd or Firebug, this will be hard to diagnose. Is the correct RID actually stored in the cookie? What does ejabberd think is the last stanza you sent, and what RID value does it have? What is the first stanza and the first RID value on the new page? How long between those two stanzas?

Updated: The reason the session gets canceled is due to the security model of BOSH. Effectively, the SID and RID pair are secret. If you know the pair, you can attach to the session. In order to keep people form being able to guess, the RID is picked randomly from a very large space. If you send an RID outside a very small window from the current RID, it will disconnect the session. The window is usually (RID, RID + 5) or so.

人生戏 2024-09-04 19:14:26

我设法解决了这个问题。

在页面加载之间,rid 会双倍递增。仅在会话附加开始工作后才增加它。

我不知道为什么会话被取消,但发生了这样的事情:

  1. RID 比之前的 RID 多+2,所以 ejabberd 将请求存储在缓冲区中,并且不会将其转发给客户端
  2. 接下来的 2 个请求也被存储
  3. 因为 之后导致 ejabberd 取消会话

有线索吗?

I managed to solve the problem.

The rid was being double incremented between the page loads. By incrementing it only once the session attach started working.

I don't know why the session got cancelled, but here's what happened :

  1. Because the RID is +2 more than the previous ones, ejabberd stores the request in buffer and does not forward it to clients
  2. The next 2 requests also get stored
  3. The one after that causes ejabberd to cancel the session

Any clues?

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文