[Standards] XEP-0198 suggestion (Stream management)

Dave Cridland dave at cridland.net
Thu Feb 26 21:47:38 UTC 2009


On Thu Feb 26 21:40:44 2009, Fabio Forno wrote:
> On Thu, Feb 26, 2009 at 5:05 PM, Mickael Remond
> <mickael.remond at process-one.net> wrote:
> > With the JID you can simply reconnect to the existing running  
> session
> > without having another shared state. It makes a big difference  
> for large scale
> > deployment with clustering support.
> 
> In this stanza?
> 
> <resume xmlns='urn:xmpp:sm:0' previd='some-long-sm-id'/>
> 
> Do you mean using the full jid instead of the previd or in addition?
> If it's just the jid it can work only if the server sets a resource
> with some random data, otherwise it becomes extremely easy to  
> hijack a
> sesssion

Because the server chooses the sm-id, it can encode the full jid into  
it if needs be.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade



More information about the Standards mailing list