[Building Sakai] Portal 2.9. Floating Chat Problem

Tania Tritean TTritean at loi.nl
Mon Mar 25 01:29:02 PDT 2013


Hello,

We are trying to fix something in the portal floating chat (2.9.1) and I want to know your opinion about the solution:

The following steps have to be done to reproduce the bug - after login, a user can see the connections and chat windows of the previously logged-in user:


  1.  log in with user1 - let's say it has 4 connections and checks the 'show offline connections' checkbox
  2.  logout
  3.  login in the same tab with user2 - let's say it has just 2 connections, the 'show offline connections' checkbox will not be selected by this student
Result: user2 will see for a few seconds (until getLatestData is called) the connections, settings ('show offline connections'), chat windows of user1.
Expected result: user2 will start with a clean chat

I looked a bit over the code and, as far as I saw, the problem is caused by the fact that at the LOGOUT action the sessionStorage object is not cleaned up.
So if I logout with user1 and inspect the sessionStorage object I will still have the settings, connection etc there.
When user2 logs in the sessionStorage object will be taken and used to provide data for the chat (chat.js init method).



I was thinking of 2 possible solutions:
1. clear the sessionStorage object when a logout action is triggered (also I have to cover the session expire case).
2. in the session storage, instead of 4 items for the chat, I can add only one map: key = userid, value = the initial map with 4 items. When using the session storage data I should use it only if it is for the current user.

Option 2 can still cause some 'security problems' since the data is still there in the sessionStorage object.

What is your advice? What approach should we take? Is there another way to solve this?

Regards,

Tania Tritean
Tel.: 035 629 39 23

Leidse Onderwijsinstellingen bv
Leidsedreef 2
2352 BA Leiderdorp
www.loi.nl
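
The two options discussed in the message can be combined: clear on logout, and also check ownership at chat init so that stale data left by an expired session is discarded before it is rendered. The sketch below is an added example, not code from the original post or from Sakai; `CHAT_KEY`, the helper names and the in-memory storage stand-in are assumptions made so it runs outside a browser.

```javascript
// Added example; the key name and helper names are hypothetical, not Sakai's.
const CHAT_KEY = "portalchat.state"; // hypothetical single key replacing the 4 items

// Minimal stand-in for window.sessionStorage so the example runs outside a browser.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

// Persist chat state tagged with the user it belongs to.
function saveChatState(storage, userId, state) {
  storage.setItem(CHAT_KEY, JSON.stringify({ owner: userId, state }));
}

// Solution 1: call from the logout handler so nothing outlives the session.
function clearChatState(storage) {
  storage.removeItem(CHAT_KEY);
}

// Solution 2 as a guard at init: use cached state only if it belongs to the
// current user. Anything else (other owner, corrupt JSON) is deleted, which
// also covers session expiry, where the logout handler never ran.
function loadChatState(storage, currentUserId) {
  const raw = storage.getItem(CHAT_KEY);
  if (raw === null) return null;
  try {
    const parsed = JSON.parse(raw);
    if (parsed && parsed.owner === currentUserId) return parsed.state;
  } catch (e) {
    // Unparseable data is treated like foreign data and purged below.
  }
  clearChatState(storage);
  return null;
}

// Constructed walk-through of the reported scenario.
function demo() {
  const storage = new MemoryStorage();
  saveChatState(storage, "user1", { showOffline: true, connections: ["a", "b", "c", "d"] });
  // user1's session expires without logout; user2 logs in in the same tab.
  const seenByUser2 = loadChatState(storage, "user2");
  return { seenByUser2, leftover: storage.getItem(CHAT_KEY) };
}
```

In a browser, pass `window.sessionStorage` instead of `MemoryStorage`; the purge in `loadChatState` is what removes the previous user's data rather than merely hiding it.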
