Cookie encryption |
Ok, ill take yours words for it. After all, I'm not so confortable with session security stuff.
Ill try to find new ways looking for your previous posts. Thanks
I finally find a way to make my group chat working in socket.io/Redis without having to read the session datas. I submit it here to be sure that i'm not making new mistakes.
Users can belong to n groups and a group can have n users, then i have a table with a double primary key (userid, groupid) and a hash unique column. When a create a new line in this table, i generate a unique string that i put in this column Code: md5(uniqid(rand(), TRUE)) and a generate a new line in the redis table with a couple uniquehash:groupid In a controller, create a simple function which take the session userid as parameter and return the differents unique hashs in a json., looking in the mysql table. The client node js gets the table with a simple ajax request to this conttroller function, and send it to the node server. The node server gets the groups id looking in the redis table. When a user do not belong anymore to a group, i destroy the database line and the redis couple in the same time. What do you think about it Narf, is there another security issue ? |
Welcome Guest, Not a member yet? Register Sign In |