I am building a chat application in Django. But I am confused about how to show messages as soon as the person on the other side sends a message. At present, I have to reload the page to view the messages. I thought of refreshing the page automatically for 3-5 seconds. Is there any way to display messages as soon as the other person sends a message
You need to use websockets to obtain such type of applications . Web sockets maintain a link with your server and when ever there is a change in server the user gets notified automatically without refreshing.
You should use websockets to accomplish this. The library to go is django channels (https://channels.readthedocs.io/en/latest/) and in their example they also build a small chat application.
I'm currently developing a website for a chat application (everything in the serverside is Django).
One of the problems I faced was how to keep the website (once a user is logged and has everything rendered) updated if the user needs to receive something new (a new message, notifications, etc).
The solution I came with was to first create a URL to send a get request, and the response would be a list of unseen notifications for the user. Then, in the HTML, a JavaScript code to send request to this URL and receive the unseen notifications.
This way, upon loading, the page will send a get and receive all unseen notifications and save them in a variable, after that it will keep sending the request every half a second and check if the rendered data is the most recent data, and if it's not, reload the page to refresh all the rendered data.
Now, this works ok, but I'm not sure this is how it should be done, as I'm bombarding with requests my server (currently, everything in development and just a couple of users at the time nothing exploded) and the client is sending request all the time. Is this how other webs (for example Facebook) keep themselves updated in case a new notification appears without the need of the user manually reloading the page?
Thanks in advance!
here is what I want to do:
on a website: www.mySite.com
I want ppl to log on and be able to see other ppl who are currently viewing that webpage.
then I want them to be able to enter text on the webpage and it sends a message to the server
the server then sends this message to all the ppl viewing the page.
then I want the option to select a user from the list of users currently viewing the webpage.
and send that user alone a message (private messaging) but not all the others.
can I do this with html and php? I do NOT want to have a browser refreshing constantly to reload data.
I have looked into websocket technology and so far the only solutions I found is to open a socket connection, wait for a response from server and close the connection on timeout...
then reopen a new one and continously open and close sockets until updates are received by server.
is there a way for the client (browser) to listen for updates without polling a server?
-->>>is there a way for the server to save client addresses and send updates to an open html page (push data) to all those clients, only specific ones, or whatever the case is??<<--
html seems to work fine polling servers but then close connection right away.
Is there a way to keep a socket open indefinately, and not constantly reopen them to simulate server-browser push technology?
I am coding with a simple webserver using html, php and javascript. I am not paying for a virtual machine where I can construct services in my language of choosing.
I prefere not to use a 3rd party to achieve this.
I would like for this to be working on all browsers.
is this possible?
Is there a way that an action initiated by a user, on a client Browser( like clicking a button), can change characteristics of the page loaded by other clients.
The reason I need this is for controlling a device that post information onto a page and waits for a response to see if it can still continue posting information or not. I want that response to come from the user viewing the page. Both client browsers load the page from the server and they are not related in any way.
Thanks
According to the Facebook API documentation, most of the work is handled through javascript.
That means that all the processing is done, and then the front end checks if the user is connected to Facebook/authorized. right?
My question is:
Suppose a user goes to my site for the first time ever.
He clicks on "facebook connect". The javascript verifies him as authentic, and it "redirects" to another page on my server. From then on, how do I know that the user is actually authenticated to my website, since everything is done on frontend?
I think this is correct, but aren't there some security issues..:
-After user clicks Login, Facebook redirects to a page on my site. AND they also create a cookie with a specific "Facebook ID" that is retrieved only from this user. My backened will "read" the cookie and grab that ID...and then associate it to my userID.
If that is correct...then it doesn't make sense. What if people steal other people's "facebook ID" and then forge the cookie? And then my backend sees the cookie and thinks it's the real user...?
Am I confused? If I am confused, please help me re-organize and tell me how it's like.
Facebook Connect uses a clever (or insane, depending on your point of view) hack to achieve cross-site communication between your site and Facebook's authentication system from within the browser.
The way it works is as follows:
Your site includes a very simple static HTML file, known as the cross-domain communications channel. This file is called xd_receiver.htm in the FB docs, but it can be named anything you like.
Your site's login page includes a reference to the Javascript library hosted on Facebook's server.
When a user logs in via the "Connect" button, it calls a function in Facebook's JS API which pops up a login dialog. This login box has an invisible iframe in which the cross-domain communications file is loaded.
The user fills out the form and submits it, posting the form to Facebook.
Facebook checks the login. If it's successful, it communicates this to your site. Here's where that cross-domain stuff comes in:
Because of cross-domain security policies, Facebook's login window can not inspect the DOM tree for documents hosted on your server. But the login window can update the src element of any iframe within it, and this is used to communicate with the cross-domain communications file hosted on your page.
When the cross-domain communications file receives a communication indicating that the login was successful, it uses Javascript to set some cookies containing the user's ID and session. Since this file lives on your server, those cookies have your domain and your backend can receive them.
Any further communication in Facebook's direction can be accomplished by inserting another nested iframe in the other iframe -- this second-level iframe lives on Facebook's server instead of yours.
The cookies are secure (in theory) because the data is signed with the secret key that Facebook generated for you when you signed up for the developer program. The JS library uses your public key (the "API key") to validate the cookies.
Theoretically, Facebook's Javascript library handles this all automatically once you've set everything up. In practice, I've found it doesn't always work exactly smoothly.
For a more detailed explanation of the mechanics of cross-domain communication using iframes, see this article from MSDN.
Please someone correct me if I'm wrong - as I am also trying to figure all this stuff out myself. My understanding with the security of the cookies is that there is also a cookie which is a special signature cookie. This cookie is created by combining the data of the other cookies, adding your application secret that only you and FB know, and the result MD5-Hashed. You can then test this hash server-side, which could not easily be duplicated by a hacker, to make sure the data can be trusted as coming from FB.
A more charming explaination can be found here - scroll about halfway down the page.
Same issues here, and I think Scott is closer to the solution.
Also Im using "http://developers.facebook.com/docs/?u=facebook.jslib-alpha.FB.init" there open source js framework. So things are a little different.
For me, via the opensource js framework, facebook provides and sets a session on my site with a signature. So what I am thinking is to recreate that signature on my side. - if they both match then the user is who he says he is.
So basically if a user wanted to save something to my database, grab the session signature set up by facebook and recreate that signature with php and validate it against the one facebook gave me?
if($_SESSION['facebookSignature'] == reGeneratedSignature){
// save to database
}else{
// go away I don't trust you
}
But how do you regenerate that signature? preferably without making more calls to Facebook?