google-app-enginechannel-api

Do the same GAE channel tokens work between tabs?


Going by the GAE docs for the Channel API,

Only one client at a time can connect to a channel using a given Client ID, so an application cannot use a Client ID for fan-out. In other words, it's not possible to create a central Client ID for connections to multiple clients.

seems contradictory to

Treat the token returned by create_channel() as a secret. If a malicious application gains access to the token, it could listen to messages sent along the channel you are using.

How can they both be true? But more importantly, I'm planning to create one channel for each logged in user in my app. Now if the user opens up a new tab with the app, can I use the same token again? The alternative of creating one channel per tab the user has open sounds quite odd, not to mention expensive.


Solution

  • If you open more than one socket on a channel with the same token, results are undefined. Both sockets may receive messages, or neither, or just one. (actually we technically support two connections reliably, for cases where the user refreshes a page)

    If you want to support multiple connections by the same user (in different tabs or different computers or whatever), you'll need to create a clientids per tab/browser instance/computer etc.