Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change the way RiotX identifies a session #800

Closed
bmarty opened this issue Jan 3, 2020 · 0 comments · Fixed by #802
Closed

Change the way RiotX identifies a session #800

bmarty opened this issue Jan 3, 2020 · 0 comments · Fixed by #802
Assignees
@bmarty
Labels
Z-Maintenance
Milestone
Sprint8

Comments

@bmarty
Copy link
Member

bmarty commented Jan 3, 2020
edited

Currently the SDK uses a hash of userId to identify a session. It is used to create a folder, which will store all the session data.

The problem is that it prevents from creating 2 sessions with the same user.

In the real life it could be a bad use case, but it can be useful for the TU, and especially for TU about cross-signing feature.

When multiple accounts will be supported, RiotX should ensure to prevent to create 2 sessions with the same account (same userId).

So the solution is to replace hash(userId) with hash(userId-deviceId) to identify a session, since we can now be sure that every homeservers will provide a deviceId when a session is created (this was not the case in Riot-Android, on old homeservers without crypto support)

The migrations of the files for the cryptoDB and for the authDB have to be handled properly. The sessionDB is less critical (a initial sync will be performed)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bmarty bmarty

Labels
Z-Maintenance
Projects
None yet
Milestone
Sprint8
Development

Successfully merging a pull request may close this issue.

Identify a session with the userId and the deviceId element-hq/element-android
1 participant
@bmarty