Cookie encryption
#11

OK, I'll take your word for it. After all, I'm not so comfortable with session security stuff.

I'll try to find new ways by looking through your previous posts.

Thanks
#12

I finally found a way to make my group chat work in socket.io/Redis without having to read the session data. I'm submitting it here to be sure that I'm not making new mistakes.

Users can belong to n groups and a group can have n users, so I have a table with a double primary key (userid, groupid) and a unique hash column. When I create a new row in this table, I generate a unique string that I put in this column:
Code:
md5(uniqid(rand(), TRUE))

and I generate a new entry in the Redis table with a uniquehash:groupid pair.

In a controller, I create a simple function which takes the session userid as a parameter and returns the different unique hashes as JSON, looking them up in the MySQL table.

The Node.js client gets the table with a simple AJAX request to this controller function and sends it to the Node server.

The Node server gets the group IDs by looking in the Redis table.

When a user no longer belongs to a group, I destroy the database row and the Redis pair at the same time.

What do you think about it, Narf? Is there another security issue?
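The Node-side token lookup described in post #12, as an added example that is not part of the original posts or the poster's code. Assumptions: a `Map` stands in for the Redis uniquehash:groupid table, the function names are hypothetical, and the token comes from `crypto.randomBytes` instead of `md5(uniqid(rand(), TRUE))`, because the token is the only thing proving group membership to the Node server and so has to be unguessable (the PHP equivalent is `bin2hex(random_bytes(16))`).

```javascript
const crypto = require('crypto');

// Stand-in for the Redis table (assumption): token -> groupid.
const tokenToGroup = new Map();

const TOKEN_RE = /^[0-9a-f]{32}$/; // 16 random bytes, hex-encoded
const MAX_TOKENS = 100;            // constructed cap on tokens per client message

// Called when a (userid, groupid) row is created.
// 128 bits from the OS CSPRNG; nothing derived from time or a seeded PRNG.
function issueToken(groupId) {
  const token = crypto.randomBytes(16).toString('hex');
  tokenToGroup.set(token, groupId);
  return token;
}

// Called when the user leaves the group, together with the SQL row delete.
function revokeToken(token) {
  return tokenToGroup.delete(token);
}

// Called by the Node server with the array the client sent after its AJAX request.
// The input is client-controlled, so check type, shape and size before any lookup,
// and silently drop anything that is not a currently valid token.
function resolveGroups(tokens) {
  if (!Array.isArray(tokens)) return [];
  const groups = new Set();
  for (const t of tokens.slice(0, MAX_TOKENS)) {
    if (typeof t !== 'string' || !TOKEN_RE.test(t)) continue;
    const groupId = tokenToGroup.get(t);
    if (groupId !== undefined) groups.add(groupId);
  }
  return [...groups];
}

// Constructed sample run: two memberships, one revoked, plus junk input.
const a = issueToken(7);
const b = issueToken(9);
revokeToken(a);
console.log(resolveGroups([a, b, 'not-a-token', 42])); // only group 9 remains
```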



