Require that a "JID" be specified with keepalive. updates #339

2015-03-21 21:32:04 +01:00 · 2015-03-21 21:32:04 +01:00 · 1a670e1d47
commit 1a670e1d47
parent 0e535847c4
2 changed files with 27 additions and 5 deletions
--- a/converse.js
+++ b/converse.js
@ -5326,13 +5326,17 @@
                    }
                }
                if (this.keepalive) {
+                    if (!this.jid) {
+                        throw("When using 'keepalive', you must supply the JID of the current user. ");
+                    }
                    rid = this.session.get('rid');
                    sid = this.session.get('sid');
                    jid = this.session.get('jid');
-                    if (rid && jid && sid) {
+                    if (rid && sid && jid && Strophe.getBareJidFromJid(jid) === Strophe.getBareJidFromJid(this.jid)) {
                        // The RID needs to be increased with each request.
                        this.session.save({rid: rid});
                        this.connection.attach(jid, sid, rid, this.onConnect);
+
                    } else if (this.prebind) {
                        if (this.prebind_url) {
                            $.ajax({
--- a/docs/source/configuration.rst
+++ b/docs/source/configuration.rst
@ -162,6 +162,16 @@ Default: ``e.g. conversejs.org``

 The placeholder text shown in the domain input on the registration form.

+jid
+---
+
+The Jabber ID or "JID" of the current user. The JID uniquely identifies a user
+on the XMPP network. It looks like an email address, but it's used for instant
+messaging instead.
+
+This value needs to be provided when using the :ref:`keepalive` option.
+
+
 .. _`keepalive`:

 keepalive
@ -172,6 +182,12 @@ Default:    ``true``
 Determines whether Converse.js will maintain the chat session across page
 loads.

+When using keepalive, you will have to provide the `jid`_ of the current user
+to ensure that a cached session is only resumed if it belongs to the current
+user.
+
+This setting should also be used in conjunction with :ref:`prebind` and :ref:`keepalive`.
+
 See also:

 * :ref:`session-support`
@ -310,13 +326,14 @@ There are two complementary configuration settings to ``prebind``.
 They are :ref:`keepalive` and :ref:`prebind_url`.

 ``keepalive`` can be used keep the session alive without having to pass in
-new tokens to ``converse.initialize`` every time you reload the page. This
-removes the need to set up a new BOSH session every time a page loads.
+new RID and SID tokens to ``converse.initialize`` every time you reload the page.
+This removes the need to set up a new BOSH session every time a page loads.
+You do however still need to supply the user's JID so that converse.js can be
+sure that the session it's resuming is for the right user.

 ``prebind_url`` lets you specify a URL which converse.js will call whenever a
 new BOSH session needs to be set up.

-
 Here's an example of converse.js being initialized with these three options:

 .. code-block:: javascript
@ -324,6 +341,7 @@ Here's an example of converse.js being initialized with these three options:
    converse.initialize({
        bosh_service_url: 'https://bind.example.com',
        keepalive: true,
+        jid: me@example.com,
        prebind: true,
        prebind_url: 'http://example.com/api/prebind',
        allow_logout: false
@ -333,7 +351,7 @@ Here's an example of converse.js being initialized with these three options:
    simplifies the code needed to set up and maintain prebinded sessions.

    When using ``prebind_url`` and ``keepalive``, you don't need to manually pass in
-    the RID, SID and JID tokens anymore.
+    the RID, SID tokens anymore, but you still need to provide the JID.


 .. _`prebind_url`: