The main problem is, how would you ensure people can log in to the XMPP server securely without having to log in again from the web app login page?

A: 

I assume that you want to send a <presence/> stanza indicating that the user is available. In that case, you need to instantiate a new session, either by logging in manually or by other means.

If you want to automatically log in a user and start up the application, try using localStorage, then triggering login so that it seems like the user did not log in.

If you wanted to send a <presence><show>chat</show></presence> or something akin to that, you might be able to get away with using a preexisting BOSH connection. The problem with that is you won't receive presence from JIDs in the roster because no probes were sent out.

I recommend the first solution. The second is there more for informational purposes than anything else. And if push comes to shove, go to http://xmpp.org. Look through the BOSH XEP (if you are using it), RFC 3920 (XMPP Core) and RFC 3921 (XMPP IM).

Tim
How secure can localStorage be? And isn't its support not very good?
Here's some info about localStorage security: https://wiki.mozilla.org/Firefox3.1/localStorage_Security_Review. Same origin rules apply here, so the only problem is someone else using the same computer. And that's the user's fault. As for the support: Firefox 3.5+, Safari 4+, IE8+, Chrome 4+ all support it. So it's not too bad.
Tim
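
Added example, not part of the original answer or comments: one way to limit the shared-computer risk of the localStorage auto-login discussed above is to persist only short-lived BOSH session identifiers (JID, SID, RID) instead of the password, and to discard anything stale or malformed on restore. The storage key, the 60-second lifetime and all function names are assumptions; in a browser, pass window.sessionStorage or window.localStorage as the storage argument.

```javascript
// Added example. SESSION_KEY, MAX_AGE_MS and all function names are hypothetical.
const SESSION_KEY = "xmpp.bosh.session";
const MAX_AGE_MS = 60 * 1000; // assumption: set this to your server's BOSH inactivity limit

// Persist only the BOSH session identifiers, never the account password.
// Call again after each request so the stored rid stays current.
function saveSession(storage, { jid, sid, rid }, now = Date.now()) {
  if (typeof jid !== "string" || typeof sid !== "string" || !Number.isSafeInteger(rid)) {
    throw new TypeError("jid and sid must be strings, rid an integer");
  }
  storage.setItem(SESSION_KEY, JSON.stringify({ jid, sid, rid, savedAt: now }));
}

// Return { jid, sid, rid } for re-attaching, or null if nothing usable is stored.
// Anything malformed, stale or belonging to another JID is deleted, not trusted.
function loadSession(storage, expectedJid, now = Date.now()) {
  const raw = storage.getItem(SESSION_KEY);
  if (raw === null) return null;
  let rec = null;
  try {
    rec = JSON.parse(raw);
  } catch {
    rec = null; // corrupted or tampered value
  }
  const age = rec ? now - rec.savedAt : NaN;
  const valid = rec !== null && typeof rec === "object" &&
    rec.jid === expectedJid &&
    typeof rec.sid === "string" && rec.sid.length > 0 &&
    Number.isSafeInteger(rec.rid) &&
    Number.isFinite(age) && age >= 0 && age <= MAX_AGE_MS;
  if (!valid) {
    storage.removeItem(SESSION_KEY);
    return null;
  }
  return { jid: rec.jid, sid: rec.sid, rid: rec.rid };
}

// In-memory stand-in for window.sessionStorage / window.localStorage (offline runs).
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

When loadSession returns null, fall back to the normal login page; when it returns a record, hand the values to your BOSH client's session-attach call.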