Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Socket.io authorization function is not updating session data

I'm trying to use Socket.IO's authorization function to get session data. The problem is that even if I log out and destroy my session, Socket.IO still has the old session information, which is clearly not ideal. Any ideas what I'm doing wrong in the code below?

io.set('authorization', function (data, accept) {
    if(data.headers.cookie) {
        data.cookie = parseCookie(data.headers.cookie);
        data.sessionID = data.cookie['express.sid'];
        app.set('mongo-store').get(data.sessionID, function (err, session) {
            console.log(err, session);
      if (err || !session) {
                // if we cannot grab a session, turn down the connection
                accept('Error', false);
      } else {
        // save the session data and accept the connection
        data.session = session;
        accept(null, true);
      }
        });
    } else {
        return accept('No cookie transmitted.', false);
    }
    accept(null, true);
});

And here is the connection code:

io.sockets.on('connection', function(socket) {  

  var hs = socket.handshake;
  console.log('A socket with sessionID ' + hs.sessionID 
      + ' connected!');
  // setup an inteval that will keep our session fresh
  var intervalID = setInterval(function () {
      // reload the session (just in case something changed,
      // we don't want to override anything, but the age)
      // reloading will also ensure we keep an up2date copy
      // of the session with our connection.
      hs.session.reload( function () { 
          // "touch" it (resetting maxAge and lastAccess)
          // and save it back again.
          hs.session.touch().save();
      });
  }, 60 * 1000);
  socket.on('disconnect', function () {
      console.log('A socket with sessionID ' + hs.sessionID 
          + ' disconnected!');
      // clear the socket interval to stop refreshing the session
      clearInterval(intervalID);
  });
});
like image 404
Josh Smith Avatar asked Jan 19 '12 15:01

Josh Smith


People also ask

Why is Socket.IO not connecting?

Problem: the socket is not able to connect​You are trying to reach a plain WebSocket server. The server is not reachable. The client is not compatible with the version of the server. The server does not send the necessary CORS headers.

How does Socket.IO connect to client server?

listen(port); // Create a Socket.IO instance, passing it our server var socket = io. listen(server); // Add a connect listener socket. on('connection', function(client){ console. log('Connection to client established'); // Success!

Is Socket.IO efficient?

js - Using socket.io is broadcasting the same efficiency as sending a message to every client - Stack Overflow.


1 Answers

From http://www.danielbaulig.de/socket-ioexpress/

sio.sockets.on('connection', function (socket) {
    var hs = socket.handshake;
    console.log('A socket with sessionID ' + hs.sessionID 
        + ' connected!');
    // setup an inteval that will keep our session fresh
    var intervalID = setInterval(function () {
        // reload the session (just in case something changed,
        // we don't want to override anything, but the age)
        // reloading will also ensure we keep an up2date copy
        // of the session with our connection.
        hs.session.reload( function () { 
            // "touch" it (resetting maxAge and lastAccess)
            // and save it back again.
            hs.session.touch().save();
        });
    }, 60 * 1000);
    socket.on('disconnect', function () {
        console.log('A socket with sessionID ' + hs.sessionID 
            + ' disconnected!');
        // clear the socket interval to stop refreshing the session
        clearInterval(intervalID);
    });

});

Edit: auth code

io.set('authorization', function (handshakeData, callback) {
  var cookie;
  // console.log(handshakeData.headers);
  if (handshakeData.headers && handshakeData.headers.cookie) {
    cookie = parseCookie(handshakeData.headers.cookie);
    // where SessionStore is an instance of your mongo store
    SessionStore.load(cookie['sioapp.sid'], function (err, session) {
      if (err) {
        // if we cannot grab a session, turn down the connection
        console.log(err);
      } else {
        // console.log('Successfully decoded the session: ', session);
        handshakeData.session = session;
      }
    });
  }
  callback(null, true); // error first callback style
});

Once every 60 seconds, the session is touched (thus refreshed). When the user disconnects, the session is destroyed.

like image 73
alessioalex Avatar answered Nov 04 '22 22:11

alessioalex