I've got a simple Single Page Application using jetty websockets for communication between server and client.
Problem: Each time I have reload page my websocket connection is disabled and new is initialized. The problem is that user should relogin on each page refresh.
Question: How can I eliminate the need of relogin on page refresh?
EDITED: Faced the next problem: how to decide when session should be deleted? I've a peer object on the server side which is a nothing else but websocket session container. Peer is deleted on onClose
method, which in turn is invoked on droping client side websocket. Here the problem comes: when user press F5 -> client side websocket is broken -> server delete appropriate websocket -> client side try to reload a page and check if there is any session AND FIND NOTHING. On the other hand I can't cease removing y peers (sessions) at all.
Question: How can I tell server when to remove my peers?
To eliminate the need to authenticate a WebSocket connection upon each new connection establishment you can use cookies.
Authenticate the WebSocket connection upon first time, set cookie on the WebSocket connection, and recheck the cookie upon a new connection.
This requires a WebSocket server that allows to read and set cookies on a WebSocket connection.
If the WebSocket connection is served from the same origin as the HTML page containing the JavaScript that opens the WebSocket connection, you could also use a "normal" HTML form based login plus cookie procedure: