Hello,
I created my own live chat and live notifications plugins (for a demo). It works well.
However, the website is not in production yet and I don't expect it to still work with a lot of users (I poll the server every few seconds).
I plan to use Amazon AWS servers (nodejs, websockets) to handle the messages. The Elgg server would still manage the logic (e.g. "Can user x read/post message in group y?"). This way, I avoid polling and the messages won't be stored in Elgg's database.
Elgg would be able to revoke authorisations (e.g. on logout) and AWS would periodically check tokens.
Do you think this idea is feasible? Do you have any advice?
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- Rohit Gupta@Rohit_1990_3676
Rohit Gupta - 0 likes
Use the below code snippet in your start.php init function. This function is called after the user has logged in successfully.
- Kerjo@Kerjo
Kerjo - 0 likes
You must log in to post replies.This can easily achieved using API
Thank you.
From a security perspective, is it sufficient to compare the cookie called "Elgg" received from the client and the one received from your snippet to consider the user "legit"? (Using only HTTPs)