Live Chat

Hello,

I created my own live chat and live notifications plugins (for a demo). It works well.
However, the website is not in production yet and I don't expect it to still work with a lot of users (I poll the server every few seconds).

I plan to use Amazon AWS servers (nodejs, websockets) to handle the messages. The Elgg server would still manage the logic (e.g. "Can user x read/post message in group y?"). This way, I avoid polling and the messages won't be stored in Elgg's database.

  1. Client logs in to Elgg.
  2. Client sends his session cookies to AWS
  3. AWS contacts Elgg to verify client's tokens (via Elgg's web services API)
  4. AWS sends/receive messages to/from client.

Elgg would be able to revoke authorisations (e.g. on logout) and AWS would periodically check tokens.

Do you think this idea is feasible? Do you have any advice?

  • Client sends his session cookies to AWS

    Use the below code snippet in your start.php init function. This function is called after the user has logged in successfully.
     
    elgg_register_plugin_hook_handler('action', 'login', function ($hook, $entity_type, $returnvalue, $params){
      // command to send session cookie to AWS
      return true;
    });
    

    Elgg would be able to revoke authorisations (e.g. on logout)

    elgg_register_plugin_hook_handler('action', 'logout', function ($hook, $entity_type, $returnvalue, $params){
      // command to destroy session cookie to AWS
      return true;
    });

    AWS contacts Elgg to verify client's tokens/AWS would periodically check tokens

    This can easily achieved using API

  • Thank you.

    From a security perspective, is it sufficient to compare the cookie called "Elgg" received from the client and the one received from your snippet to consider the user "legit"? (Using only HTTPs)

Performance and Scalability

Performance and Scalability

If you've got a need for speed, this group is for you.