Now, i improve my tornado skills and have a question about user auth.
And my solution is create secure token on first page and next send it with other data, from javascript to tornado server where do checking and auth user.
i think about cookie but i don't know how i can read cookies in WebSocketHandler.on_message
what you think ? and where i wrong ? Thanks
I suggest you read the overview section in the documentation.
There should be some relevant content there:
EDIT
I just realized your question is about websockets. I believe you can use the approach you outline:
You should be able to access the request headers inside the websocket handler using self.request.headers
.
A client can probably make the request headers with a fake user: 'user="ImFkbWxxxx==|xxxxxxxxxx|9d847f58a6897df8912f011f0a784xxxxxxxxxx"'
I think the following approach is better. If the user does not exist or if the cookie id is not correct or falsified, then the function get_secure_cookie will not return a user
class WebSocketHandler(tornado.websocket.WebSocketHandler):
def open(self):
user_id = self.get_secure_cookie("user")
if not user_id: return None
...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With