You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the SDK uses a hash of userId to identify a session. It is used to create a folder, which will store all the session data.
The problem is that it prevents from creating 2 sessions with the same user.
In the real life it could be a bad use case, but it can be useful for the TU, and especially for TU about cross-signing feature.
When multiple accounts will be supported, RiotX should ensure to prevent to create 2 sessions with the same account (same userId).
So the solution is to replace hash(userId) with hash(userId-deviceId) to identify a session, since we can now be sure that every homeservers will provide a deviceId when a session is created (this was not the case in Riot-Android, on old homeservers without crypto support)
The migrations of the files for the cryptoDB and for the authDB have to be handled properly. The sessionDB is less critical (a initial sync will be performed)
The text was updated successfully, but these errors were encountered:
Currently the SDK uses a hash of userId to identify a session. It is used to create a folder, which will store all the session data.
The problem is that it prevents from creating 2 sessions with the same user.
In the real life it could be a bad use case, but it can be useful for the TU, and especially for TU about cross-signing feature.
When multiple accounts will be supported, RiotX should ensure to prevent to create 2 sessions with the same account (same userId).
So the solution is to replace
hash(userId)
withhash(userId-deviceId)
to identify a session, since we can now be sure that every homeservers will provide a deviceId when a session is created (this was not the case in Riot-Android, on old homeservers without crypto support)The migrations of the files for the cryptoDB and for the authDB have to be handled properly. The sessionDB is less critical (a initial sync will be performed)
The text was updated successfully, but these errors were encountered: