Persistent connection with Openfire server


  • Converse JS v0.9.5 as web frontend for messenger

  • Openfire XMPP Server v3.10.2 as messenger’s backend

  • Web application itself is written in PHP.

For now, Openfire and website has separate databases but they are synchronized.

**What I want to achieve is: **

when user signs in to website, Converse JS also must login and create persistent connection with [Openfire XMPP Server][2] during whole user session untlil logs out.

What I’ve found

Googled a lot and researched on both Converse JS and Openfire websites.

Read that, there is prebind property and Single Session Support for Converse JS which allows to achieve what I want. They also, provide PHP library example for website.

What I’ve done

Initial script for Converse JS looks like that:

        bosh_service_url: '',
        keepalive: true,
        jid: '',
        authentication: 'prebind',
        prebind_url: '',
        allow_logout: false

As far as I understand whole process goes like below:

Untitled Diagram (1).png

  1. sends jid to prebind_url which is (take a look at configuration properties above)
  2. PHP backend receives jid (which is username). To authenticate in XMPP server password, login must be in plain text format. Converse JS, as far as I know, to keep user logged in messenger, may send request to pretty much everytime when it needs (jid, sid, rid). So, from PHP side plain text authentication is required to be ready everytime.
  3. PHP backend gets results from XMPP Server (jid, sid, rid) using [PHP library][5]
  4. Returns back jid, sid, rid as JSON

So question is

Confusion starts in 2nd step: should I save user’s XMPP password and login in plain text format in PHP sessions because of XMPP authentication? Or am I getting it wrong and there is more secure way to achieve it?

And in 3rd step, while testing with working username and password getting Invalid challenge response received error. Is there any working library for authenticating from PHP?