长轮询服务器原理(客户端识别)
我想在 node.js 中创建一个简单的长轮询服务器,其中通信将基于 jsonp 请求。据我所知,客户端发出请求,服务器保留响应,直到某些数据准备好或达到特定超时,然后发出来自客户端的新请求以使事情继续进行。一旦发出第一个请求,就会生成并存储会话 ID,以保留活动连接的客户端列表。现在,在从服务器到客户端的第一个响应之后,我如何识别任何其他请求属于我的活动连接列表中的哪个客户端?
我可以想象这样做:服务器的第一个响应将分配的会话 ID 发送给客户端,然后在发出下一个请求时根据该 ID 来识别他。但我认为这种方法很容易被利用,并且容易遭受身份盗窃。
I want to create a simple long polling server in node.js where communication will be based on jsonp requests. I understand that client makes request and server holds response until some data are ready or certain timeout is reached, and then new request from client is made to keep the things going. Once the first request is made, session ID is generated and stored to keep the list of actively connected clients. Now how do I identify that any other request, after the first response from server to client, belongs to which client in my list of active connections?
I can imagine to do it like this: first response from server send assigned session ID to client, and then he is identified based on this ID when making next requests. But I think this approach can be easily exploited and vulnerable to identity theft.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我会使用 cookie。
如果我担心 ID 被盗,我的下一步是使用 SSL。
I would use a cookie.
Next step for me would be to use SSL, if i was worried about ID theft.
我建议您使用一个有效且经过测试的解决方案,而不是自己编写所有代码:
https://github.com/LearnBoost/Socket.IO-node
https://github.com/LearnBoost/Socket.IO
Socket.IO 处理所有连接内容它会自动为您选择最佳的连接方法,例如 WebSockets,并在它们不可用时优雅地回退。
Instead of writing all that code yourself, I'd suggest that you go with a working and tested solution:
https://github.com/LearnBoost/Socket.IO-node
https://github.com/LearnBoost/Socket.IO
Socket.IO handles all the connection stuff for you, and it automatically selects the best possible connection Method, like WebSockets and falls back gracefully if they are not available.