Skip to content
This repository has been archived by the owner on Jan 19, 2019. It is now read-only.

Latest commit

 

History

History
33 lines (27 loc) · 1.55 KB

connection_check.md

File metadata and controls

33 lines (27 loc) · 1.55 KB

Connection check

When client connects to Centrifugo with proper connection credentials then this connection can live forever. This means that even if you banned this user in your web application he will be able to read messages from channels he already subscribed to. This is not what we want in some cases.

Project has special option: connection_lifetime. Connection lifetime is 0 by default i.e. by default connection check mechanism is off.

When connection lifetime is set to value greater than 0 then this is a time in seconds how long connection will be valid after successful connect. When connection lifetime expires javascript browser client will make an AJAX POST request to your web application. By default this request goes to /centrifuge/refresh/ url endpoint. You can change it using javascript client configuration option refreshEndpoint. In response your server must return JSON with connection credentials. For example in python:

    to_return = {
        'user': "USER ID,
        'timestamp': "CURRENT TIMESTAMP AS INTEGER",
        'info': "ADDITIONAL CONNECTION INFO",
        'token': "TOKEN BASED ON PARAMS ABOVE",
    }
    return json.dumps(to_return)

You must just return the same connection credentials for user when rendering page initially. But with current timestamp. Javascript client will then send them to Centrifugo server and connection will be refreshed for a connection lifetime period.

If you don't want to refresh connection for this user - just return 403 Forbidden on refresh request to your web application backend.