Permalink
Browse files

Ensure users who log out no longer receive events

  • Loading branch information...
1 parent ce69fc2 commit 86444b0c227157047d10d1268cea05e2f7bc795c Owen Barnes committed Jul 26, 2012
Showing with 21 additions and 5 deletions.
  1. +1 −0 HISTORY.md
  2. +5 −1 doc/guide/en/authentication.md
  3. +2 −0 doc/guide/en/pub_sub_events.md
  4. +7 −2 lib/session/index.js
  5. +6 −2 src/session/index.coffee
View
1 HISTORY.md
@@ -23,6 +23,7 @@ Not yet released. These are the changes so far...
* Added documentation in Korean (thanks EngForDev)
* Enable proper handling of question marks and params when routing HTTP requests (thanks matthiasg)
* In newly generated projects `ss.define.client()` now lists client libs explicitly to avoid confusion over load order
+* Added ability to call `req.session.setUserId(null, cb)` when a user signs out
* Updated bundled jQuery to 1.7.2
View
6 doc/guide/en/authentication.md
@@ -30,7 +30,11 @@ exports.actions = function(req, res, ss){
res('Access denied!');
}
- }
+ },
+
+ logout: function(){
+ req.session.setUserId(null);
+ }
}
}
View
2 doc/guide/en/pub_sub_events.md
@@ -70,6 +70,8 @@ Once a user has been [authenticated](https://github.com/socketstream/socketstrea
ss.publish.user('fred', 'specialOffer', 'Here is a special offer just for you!');
```
+Important: When a user signs out of your app, you should call `req.session.setUserId(null, cb)` to prevent the browser from receiving future events addressed to that `userId`. Note: This command only affects the current session. If the user is logged in via other devices/sessions these will be unaffected.
+
### 4. Sending to Individual Clients (browser tabs)
View
9 lib/session/index.js
@@ -40,8 +40,13 @@ exports.find = function(sessionId, socketId, cb) {
if (cb == null) {
cb = function() {};
}
- this.userId = userId;
- this._bindToSocket();
+ if (userId) {
+ this.userId = userId;
+ this._bindToSocket();
+ } else if (this.userId) {
+ subscriptions.user.remove(this.userId, socketId);
+ delete this.userId;
+ }
return this.save(cb);
};
session._bindToSocket = function() {
View
8 src/session/index.coffee
@@ -51,8 +51,12 @@ exports.find = (sessionId, socketId, cb) ->
session.channel = channels(session, socketId)
session.setUserId = (userId, cb = ->) ->
- @userId = userId
- @_bindToSocket()
+ if userId
+ @userId = userId
+ @_bindToSocket()
+ else if @userId # if null (i.e. user has signed out)
+ subscriptions.user.remove(@userId, socketId)
+ delete @userId
@save(cb)
session._bindToSocket = ->

0 comments on commit 86444b0

Please sign in to comment.