All geek questions in one place

Nodejs + pause in a websocket session

I am really confused how to set up sessions with my nodejs application. I use express + socksjs and itโ€™s hard for me to figure out how to bind a ws connection to a specific user session.

On the sockjs page, they say that they donโ€™t use cookies for authorization, but if I donโ€™t send the session from the cookie when establishing a ws connection (a cookie with a previously established Express session), how can I bind this specific ws connection to a specific user?

I would like to achieve these simple goals: - The user (logged in or guest) visits the page and establishes a ws connection - I store in redis a pair of connection identifier and session id key values, so I know which user who is given the ws connection belongs to

How to do this if I cannot send a session from a cookie right after a ws connection is established? Even if I wanted, the cookie is unavailable due to HttpOnly and therefore cannot be read via js.

edit:

this post in google group offers me to send encrypted user data to the first message that sounds good, but still I'm not sure where I should get these details from. I always did this through sessions and cookies ...

+4
source share
2 answers

You can look at https://github.com/jfromaniello/passport.socketio . I used it and it is quite simple to go.

0
source

Cookies are used in most cases to restore a session. SockJS permits the use of cookies, but only using raw cookies without any other security methods - this is a little scary, especially if your SockJS is in a different domain and the cookies will have an undefined initial volume.

Consider the Token method for authentication.

If you really need to use cookies, please read this, all the reasoning is there, and I will not just duplicate the situation already explained: https://github.com/sockjs/sockjs-node/pull/29#issuecomment-2733120

0
source

Source: https://habr.com/ru/post/1500803/

More articles:


All Articles