Cookie encryption

#11
OK, I'll take your word for it. After all, I'm not so comfortable with session security stuff.

I'll try to find new ways, looking at your previous posts.

Thanks

#12
I finally found a way to make my group chat work in socket.io/Redis without having to read the session data. I'm submitting it here to be sure that I'm not making new mistakes.

Users can belong to n groups and a group can have n users, so I have a table with a double primary key (userid, groupid) and a unique hash column. When I create a new row in this table, I generate a unique string that I put in this column:
Code:
md5(uniqid(rand(), TRUE))

and I generate a new entry in the Redis table with a uniquehash:groupid pair.

In a controller, I create a simple function which takes the session userid as a parameter and returns the different unique hashes as JSON, looking them up in the MySQL table.

The Node.js client gets the table with a simple AJAX request to this controller function, and sends it to the Node server.

The Node server gets the group IDs by looking in the Redis table.

When a user no longer belongs to a group, I destroy the database row and the Redis pair at the same time.

What do you think about it, Narf? Is there another security issue?
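The membership-token flow described in post #12, as an added example that is not part of the thread or anyone's posted code: tokens come from the OS CSPRNG, the server only accepts well-formed tokens it knows, and leaving a group removes both records. The class name `GroupTokens`, its methods and the two in-memory Maps (standing in for the MySQL table and the Redis table) are hypothetical.

```javascript
const { randomBytes } = require('node:crypto');

// Constructed stand-ins: byMember plays the MySQL (userid, groupid) -> hash
// table, byToken plays the Redis hash -> groupid table.
class GroupTokens {
  constructor() {
    this.byMember = new Map();
    this.byToken = new Map();
  }

  // Called when a membership row is created. 32 bytes from the OS CSPRNG,
  // rather than a value derived from the clock and a non-cryptographic PRNG.
  issue(userId, groupId) {
    const key = `${userId}:${groupId}`;
    if (this.byMember.has(key)) return this.byMember.get(key);
    const token = randomBytes(32).toString('hex');
    this.byMember.set(key, token);
    this.byToken.set(token, groupId);
    return token;
  }

  // What the controller returns as JSON for the logged-in user.
  tokensFor(userId) {
    return [...this.byMember].filter(([k]) => k.startsWith(`${userId}:`)).map(([, t]) => t);
  }

  // What the Node server does with the list sent by the client: anything that
  // is not a known, well-formed token is dropped instead of trusted.
  resolve(tokens) {
    if (!Array.isArray(tokens)) return [];
    const groups = new Set();
    for (const t of tokens.slice(0, 100)) {
      if (typeof t === 'string' && /^[0-9a-f]{64}$/.test(t) && this.byToken.has(t)) {
        groups.add(this.byToken.get(t));
      }
    }
    return [...groups];
  }

  // Leaving a group removes both records together, as in the post.
  revoke(userId, groupId) {
    const key = `${userId}:${groupId}`;
    const token = this.byMember.get(key);
    this.byMember.delete(key);
    return token !== undefined && this.byToken.delete(token);
  }
}
```
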

