Hi,
I'm building a web messenger.
On a secured login page a user enters his password and the authentication process works.
The problem is when the session undeliberately ends because of network issues for example.
I want the messenger to automatically reconnect the user without asking for the password again.
For that to work I have to store the user password on the html page.
The html page will consist of several scripts from several services so this method is insecure.
Is there something like a temporary password that I can use?
Gmail, for example, stores a temporary password in a cookie which works until you sign out.
Is such mechanism exists in ejabberd?
I think I should create a new table in the database that will hold jid, temp password, creation time.
When a user tries to authenticate using my custom iq I should catch this iq and route it to my custom module and check the creation time against the current time. If the difference doesn't exceeds a configure value (2 hours for example) then I will authenticate the user against my custom data table.
What module will be a good start for this?
A module that create a data table if it doesn't exists and a module that catch the custom iq...
Thanks
If you currently use
If you currently use ejabberd_auth_internal.erl, but you want to add some code to it, you can:
cd ejabberd/src
cp ejabberd_auth_internal.erl ejabberd_auth_test.erl
edit the file, where it says -module(..._internal) put _test
and then in ejabberd.cfg {auth_method, test}.