Closed hbredin closed 8 years ago
The number of available channel is configurable in SSEClients.js
I will change the implementation to use objects and not array to store channels informations. The identifier of the channels will no longer integer, but hash. It's good for security because the SSE Entrypoint is not secured by session. It's however not possible to connect to SSE Entrypoint if channel is already used by another.
Also, maybe the channel should be "released" by the client on logout?
Yes, but the thread is never stopped on logout and is overridden by login, and i suspect the deamon flag doesn't destroy the thread on client exit.
I don't know much about asynchronous python but maybe threading.Thread
is not the best way to do that, then.
Also, why is the SSE entry point /listen/:channel_id
not secured by session?
It's not possible in the python context to use async system because SSE is a persistent connexion to server. Thread is only solution for this feature (is same in websocket context). It's not problem, i will find a simple solution.
The entrypoint is not secured by session because it's not possible to retrieve a cookie in tortilla for inject in SSE connexion. but is secured by "POST /listen" request for retrieve and create an unique channel id (channel id is a session id for sse context). That's why I will not use an incremented id but a unique hash generated by POST /listen request.
Channel is destroyed if client closed connection.
I am closing this issue and will open a new one labeled "enhancement" as a note-to-self for future improvements...
Looks like the number of channels is limited to 10.
This fails after the 10th login: