I have a Faye server written in NodeJS and a web client using the Faye Web client. My code on the server already takes care of validating an incoming user subscription and issues a token back to the client. This token is a JWT token which expires in 1 minute. The client sends this token back to the server in each subsequent message it publishes to the server via a client side extension. The server validates this token using a server side Faye extension and does not publish messages containing any expired token to other clients (By setting the message.error field).
This works well for restricting clients with expired sessions from publishing. But it does not prevent them from receiving published messages even after the session has expired. For the time being I have an incoming Faye extension in the client side which detects the expiration error and makes it unsubscribe but this makes the design depend on the client side code for unsubscribing which is not ideal in terms of security IMO.
So may I know how to expire a subscription of a specific client from the server itself. Is this possible at all or are there any workarounds to achieve this other than depending on the client code?
My project source can be found on Github via the link below
https://github.com/harindaka/faye-poc/tree/678ac8491ed03309a2acde8df36bf9dca2d89c87
fayeServer._server._engine.destroyClient(clientId, function() {});
. Note that I'm using the faye-redis
engine. Can anyone confirm if this is the correct way to do this? Thanks.Ok I was able to do this by callingfayeServer._server._engine.destroyClient(clientId, function() {});
. Note that I'm using thefaye-redis
engine. Can anyone confirm if this is the correct way to do this? Thanks.