[sync] progress on session issues

[Jan Schneider]

Zitat von Karsten Fourmont <fourmont at gmx.de>:

> I think (hope) I've solved the weird session issue. For those not

Great!

> every session needs a unique ID. Normally this is done by a random value
> or timestamp. As the normal session id exchange mechanisms (cookies, url
> get) do not work for syncml.
>
> There's an SyncML element <SessionID> but it's pretty much useless as
> it's defined by the _client_.
>
> So our code creates the session id based on the device ID
> "<Source><LocURI>" in the Sync header. For a p800/900 that's the phones
> unique IMEI id which is ok. But for sync4j it's what you put into the
> device ID textbox, wjocj defaults to sc-pim-outlook. So when different
> users use the sync4j connector with the horde server at the same time,
> they get the same session id! And that will cause major major problems
> of course.
> The username can't be part of the session id as it's not sent by syncml
> on any but the first message.

If the client sends a SessionID that useless alone, but *should* be 
different for disctinct sync4j client sessions (is it?), why don't you 
add this ID to the session ID that you generate now from the LocURI?

> The SAX like event flow mechanism we currently have is normally chosen
> because it's more memory efficent. That applies to J2EE servers but not
> for PHP scripts.

It's still much more efficient for PHP, even though the new xmlreader 
in PHP 5.1 is even more efficient. But I guess SyncML packets are not 
going to be become huge, because it was designed to run on small 
devices, right? So either using dom, or building a custom structure 
with an initial sax parser should work too. But please test this, it 
would be too bad if PHP will be blown even more than with using IMP.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/