Skip to content
This repository has been archived by the owner on May 7, 2024. It is now read-only.

Calling SingalR\poll?transport=longpolling issue #21

Open
Btotakura opened this issue Feb 13, 2020 · 4 comments
Open

Calling SingalR\poll?transport=longpolling issue #21

Btotakura opened this issue Feb 13, 2020 · 4 comments

Comments

@Btotakura
Copy link

whenever we change the messageid of the above request we are getting the all the connections history means all the methods are coming as response.please see the attached image for your reference.

Fetch all details 2 (2)
@BrennanConroy
Copy link
Member

That's expected, the messageID is used by the client to tell the server which message it received last. So if you change the messageID to an older ID then you'll get messages since that older ID.

And the concern about auth is not valid because your connection is authenticated via the connectionToken in the query string.

Also, if that's real data you should probably reset the SessionTokens and Login IDs.

cc @halter73

@halter73
Copy link
Member

And the concern about auth is not valid because your connection is authenticated via the connectionToken in the query string.

Additionally, if the authenticated user has a non-empty Context.User.Identity.Name that IsAuthenticated when the SignalR connection is established, SignalR will verify every other request with that same connectionToken is authenticated with the same user name or else it will reject the request with a 403.

https://github.com/SignalR/SignalR/blob/d5a2dcb9e09ec97631a4f51b4dc7b75735277ca4/src/Microsoft.AspNet.SignalR.Core/PersistentConnection.cs#L339-L344

@Btotakura
Copy link
Author

That's expected, the messageID is used by the client to tell the server which message it received last. So if you change the messageID to an older ID then you'll get messages since that older ID.

And the concern about auth is not valid because your connection is authenticated via the connectionToken in the query string.

Also, if that's real data you should probably reset the SessionTokens and Login IDs.

cc @halter73

is there any possibility to overcome this issue? please suggest me? if any code changes is needed i will try to do , please help on this?

@BrennanConroy
Copy link
Member

is there any possibility to overcome this issue?

What issue? You aren't leaking any data because the data has already been sent to this client before.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@halter73 @BrennanConroy @Btotakura