views:

328

answers:

2

I'm having a lot of difficulty getting strophe's 'attach()' function working.

I am working on a social network where users will be surfing pages and at the same time keep their chat connection on. I don't want to reconnect/reauthorize on every page so as per this link (http://groups.google.com/group/strophe/browse_thread/thread/430da5e788278f3a/93c48c88164f382f?show_docid=93c48c88164f382f&fwc=1) i am storing the SID and RID into a cookie onunload.

On the next page when i try to use the new SID and RID (after incrementing it by 1) my session is already destroyed. Ejabberd reports "Error on HTTP put. Reason: bad_key"

WTF is happening?

+2  A: 

Without more logging information from ejabberd or Firebug, this will be hard to diagnose. Is the correct RID actually stored in the cookie? What does ejabberd think is the last stanza you sent, and what RID value does it have? What is the first stanza and the first RID value on the new page? How long between those two stanzas?

Updated: The reason the session gets canceled is due to the security model of BOSH. Effectively, the SID and RID pair are secret. If you know the pair, you can attach to the session. In order to keep people form being able to guess, the RID is picked randomly from a very large space. If you send an RID outside a very small window from the current RID, it will disconnect the session. The window is usually (RID, RID + 5) or so.

metajack
+1  A: 

I managed to solve the problem.

The rid was being double incremented between the page loads. By incrementing it only once the session attach started working.

I don't know why the session got cancelled, but here's what happened :

  1. Because the RID is +2 more than the previous ones, ejabberd stores the request in buffer and does not forward it to clients
  2. The next 2 requests also get stored
  3. The one after that causes ejabberd to cancel the session

Any clues?

Adil
metajack wrote the reason below. I'm adding it here because i myself missed it for several months. "The reason the session gets canceled is due to the security model of BOSH. Effectively, the SID and RID pair are secret. If you know the pair, you can attach to the session. In order to keep people form being able to guess, the RID is picked randomly from a very large space. If you send an RID outside a very small window from the current RID, it will disconnect the session. The window is usually (RID, RID + 5) or so."
Adil