Java websocket connection check if same user reconnects

2k views Asked by At

In my application I have a sessionhandler that stores all connected sessions when they connect and removes them if they disconnects properly. If they do not I keep the sessions and if they reconnect I replace the old session with the new one. (The code below seems stupid, but it is just to make my point)

@ServerEndpoint(value = "/games")
public class GameEndPoint {

    @Inject
    private GameSessionHandler sessionHandler;

    @OnOpen
    public void open(Session session) {
        sessionHandler.addSession(session);
    }

    @OnClose
    public void close(Session session, CloseReason closeReason) {
        sessionHandler.sessionClosed(session, closeReason.getCloseCode());
    }

    @OnError
    public void onError(Throwable error) {
        LOGGER.log(Level.SEVERE, "Socket connection error", error);
    }

    @OnMessage
    public String handleMessage(String payload, Session session) {
        return payload;
    }
}

@Singleton
public class GameSessionHandler implements Serializable {

    private final Set<Session> sessions = new HashSet<>();

    public void addSession(Session session) {
        for(Session existing: sessions) {
            if(existing.equals(session)) {//DOES NOT WORK
                //client reconnected!
                sessions.remove(existing);
                break;
            }
        }
        sessions.add(session);
    }

    public void removeSession(Session session) {
        if (CloseReason.CloseCodes.NORMAL_CLOSURE.equals(reason)) {
            sessions.remove(session)
        }
    }
}

The problem is: how can I check that the session is for a client that was connected earlier, so that I can replace the session with the new open one?

Edit: This is needed because my client is a html5 application where the user can refresh/navigate on the page, and then the connection is lost. Whenever he attempts to reconnect I want to know which game he was currently playing. If the user is on a unstable connection (ie. on a mobile phone), also the connection will be lost from time to time.

1

There are 1 answers

1
Runar Halse On BEST ANSWER

I am not able to make a solid enough check for this, so ended up sending a unique string (uuid) to the client upon connecting. If client connects with a query param giving his old uuid, I use this to figure out who he is. I just trust the client to be who he says he is, and anyhow he can only connect with this uuid if the old session with this uuid has disconnected.

I have not considered security at all, and if I had I should possibly use something like diffie hellman key exchange so the only two parties that know the shared uuid is the server and the client.