How do you handle authentication with Orbited?

I'm trying to make a site where users can create accounts then chat with each other in real time using Django, Orbited, and Twisted. I want it so that two users individual chats are private and only they can see it.

Based on my knowledge of Orbited(which is limited since it seems like the site is down, so I've just been going off of blog posts and whatnot), there are channels that basically anyone can subscribe to and get the messages sent to it. Since the subscribing is done through Javascript, it would be easy for someone to just change what channel they're subscribed to and subscribe to someone else's private chat and see what they're saying.

So how would you get aroun开发者_Go百科d this and have some kind of authentication in Orbited's channels? I've been looking around and most people cite Hotdot as an example, but it's not extremely documented so it's hard to understand. It also seems like it just checks for authentication before allowing you to subscribe to anything, but once you're logged in you'd still be able to subscribe to any channel you want.

---

a dirty way is to do this:

since sessionids are unique to each logged in user, you can create a unique id for each chatsession and attach the sessionids of the users to that. then let your channel-name be /messages/{sessionid} or something similar and your users subscribe to that channel

whenever you want to push messages, just push to all /messages/{sessionids} attached to that chatsession

for a better solution, you should try the orbited discussion group: http://groups.google.com/group/orbited-users

it is still alive ;-)