| Cookie encryption |
I finally find a way to make my group chat working in socket.io/Redis without having to read the session datas. I submit it here to be sure that i'm not making new mistakes.
Users can belong to n groups and a group can have n users, then i have a table with a double primary key (userid, groupid) and a hash unique column. When a create a new line in this table, i generate a unique string that i put in this column Code: md5(uniqid(rand(), TRUE))and a generate a new line in the redis table with a couple uniquehash:groupid In a controller, create a simple function which take the session userid as parameter and return the differents unique hashs in a json., looking in the mysql table. The client node js gets the table with a simple ajax request to this conttroller function, and send it to the node server. The node server gets the groups id looking in the redis table. When a user do not belong anymore to a group, i destroy the database line and the redis couple in the same time. What do you think about it Narf, is there another security issue ? |
| Messages In This Thread |
|
Cookie encryption - by saturnales - 03-20-2016, 05:37 PM
RE: Cookie encryption - by Narf - 03-21-2016, 01:08 AM
RE: Cookie encryption - by saturnales - 03-21-2016, 09:22 AM
RE: Cookie encryption - by Narf - 03-21-2016, 11:11 AM
RE: Cookie encryption - by saturnales - 03-22-2016, 05:10 PM
RE: Cookie encryption - by Narf - 03-23-2016, 01:31 AM
RE: Cookie encryption - by arma7x - 03-22-2016, 08:16 PM
RE: Cookie encryption - by saturnales - 03-23-2016, 06:00 AM
RE: Cookie encryption - by saturnales - 03-23-2016, 06:17 AM
RE: Cookie encryption - by Narf - 03-23-2016, 07:40 AM
RE: Cookie encryption - by saturnales - 03-23-2016, 09:03 AM
RE: Cookie encryption - by saturnales - 03-26-2016, 07:17 AM
|
