Monday, October 27, 2014
News from the backend
Sorry I haven't made any posts yet this semester, but I have been getting a bunch done. I realized that we could potentially have session hijacking problems. After some research, I found a possible solution here that I attempted to implement. It was successful and it worked well until I realized that there were concurrency issues. Specifically, when a session token was renewed, there were often multiple requests from a client being handled at the same time, and the script considered the requests with the old token to be proof of theft. I commented out this process for the time being because it was a serious usability issue and not a huge security issue. In the meantime, I figured out how to set up SSL with the server so that session theft is less likely to happen in the first place.

Facebook integration was another huge improvement that took place. A few minutes before writing this post, we got a notification that Facebook login has officially been approved for MeNext!

At our last presentation at RCOS, Kevin O'Connor gave us the idea to use websockets instead of AJAX calls every 5 seconds to keep the video queue and current video updated. This is now my major project because I believe that it could potentially be the biggest improvement to the efficiency and responsiveness of the site. The problem that I am currently facing with this portion is sharing session data between Apache and the script that would be running the websocket.
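
The token-renewal race described above, as an added example that is not MeNext's code and not the solution the post links to: a rotating-token store in which the previous token stays valid for a short grace window, so parallel requests sent just before renewal are not flagged as theft. The class and function names, the 300-second renewal interval, the 10-second window and the request timestamps are all assumptions made for illustration.

```python
import hmac
import secrets

class SessionStore:
    """Rotating session tokens; the previous token stays valid for `grace` seconds."""

    def __init__(self, grace, rotate_after=300):
        self.grace = grace                # assumed window for in-flight requests
        self.rotate_after = rotate_after  # assumed token lifetime before renewal
        self.sessions = {}                # session id -> state dict

    def create(self, now):
        sid, token = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self.sessions[sid] = {"current": token, "previous": None,
                              "rotated_at": now, "revoked": False}
        return sid, token

    def check(self, sid, token, now):
        """Return (verdict, new_token_or_None) for one request."""
        s = self.sessions.get(sid)
        if s is None or s["revoked"]:
            return "rejected", None
        if hmac.compare_digest(token, s["current"]):
            if now - s["rotated_at"] < self.rotate_after:
                return "ok", None
            # Renew: remember the old token so in-flight requests can finish.
            s["previous"], s["current"] = s["current"], secrets.token_urlsafe(32)
            s["rotated_at"] = now
            return "rotated", s["current"]
        if s["previous"] and hmac.compare_digest(token, s["previous"]):
            if now - s["rotated_at"] <= self.grace:
                return "ok-grace", None   # served, but never handed the new token
            s["revoked"] = True           # old token replayed after the window
            return "theft", None
        return "rejected", None           # unknown token: no revocation, avoids easy DoS

def burst(grace):
    """Three parallel requests with the same token at renewal time, then a late replay."""
    store = SessionStore(grace)
    sid, token = store.create(now=0.0)   # constructed timestamps, in seconds
    verdicts = [store.check(sid, token, t)[0] for t in (300.00, 300.05, 300.10)]
    verdicts.append(store.check(sid, token, 400.0)[0])
    return verdicts

if __name__ == "__main__":
    print("grace=0 :", burst(0))    # renewal with no grace window
    print("grace=10:", burst(10))   # renewal with a 10 second grace window
```

The grace window is also the time a stolen pre-renewal token remains usable, so it should be no longer than the slowest expected in-flight request.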