[Standards] XEP-0198 suggestion (Stream management)

Mickael Remond mickael.remond at process-one.net
Fri Feb 27 13:50:05 UTC 2009


Dave Cridland wrote:

> On Thu Feb 26 21:40:44 2009, Fabio Forno wrote:
>> On Thu, Feb 26, 2009 at 5:05 PM, Mickael Remond
>> <mickael.remond at process-one.net> wrote:
>> > With the JID you can simply reconnect to the existing running session
>> > without having another shared state. It makes a big difference for
>> > large scale deployment with clustering support.
>> In this stanza?
>> <resume xmlns='urn:xmpp:sm:0' previd='some-long-sm-id'/>
>> Do you mean using the full jid instead of the previd or in addition?
>> If it's just the jid it can work only if the server sets a resource
>> with some random data, otherwise it becomes extremely easy to
>> hijack a session

What I suggest is to have both the jid and the session id.

> Because the server chooses the sm-id, it can encode the full jid into
> it if needs be.

My point was to avoid giving meaning to opaque data. Yes, we can do
that, but if it is a good practice and useful information for several
servers, I think we can expect the XEP to promote that.

Mickaël Rémond
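
An added sketch, not part of the original message or of XEP-0198: a server-chosen resumption id that carries the full JID for cluster routing, stays unguessable, and is still checked against the live session's own id. The token layout, the shared cluster key, the `sessions` table and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Assumption: one secret shared by every cluster node (generated here for the demo).
CLUSTER_KEY = secrets.token_bytes(32)


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def tag(jid: bytes, nonce: bytes, key: bytes) -> bytes:
    return hmac.new(key, jid + b"\x00" + nonce, hashlib.sha256).digest()


def issue_sm_id(full_jid: str, key: bytes = CLUSTER_KEY) -> str:
    """Build an sm-id of the form b64(jid).b64(nonce).b64(mac)."""
    jid = full_jid.encode("utf-8")
    nonce = secrets.token_bytes(16)  # random part: knowing the JID is not enough
    return ".".join(b64e(p) for p in (jid, nonce, tag(jid, nonce, key)))


def jid_from_sm_id(previd: str, key: bytes = CLUSTER_KEY):
    """Return the embedded full JID if the token is authentic, else None."""
    try:
        jid, nonce, mac = (b64d(p) for p in previd.split("."))
    except ValueError:  # wrong field count or malformed base64
        return None
    if not hmac.compare_digest(mac, tag(jid, nonce, key)):
        return None
    return jid.decode("utf-8")


def resume(previd: str, sessions: dict, key: bytes = CLUSTER_KEY):
    """Route by the embedded JID, then require the live session's exact id."""
    jid = jid_from_sm_id(previd, key)
    if jid is None:
        return None
    stored = sessions.get(jid)  # hypothetical per-node table: full JID -> sm-id
    if stored is None or not hmac.compare_digest(stored.encode(), previd.encode()):
        return None  # session gone, or an id from an earlier session of this JID
    return jid
```

The MAC only proves that a cluster node issued the id; the comparison in `resume` is what rejects an authentic id left over from an earlier session of the same JID.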
