What are the possible ways to authenticate a user when a websocket connection is used?
Example scenario: a web-based multi-user chat application over an encrypted websocket connection. How can I ensure (or guarantee) that each connection in this application belongs to a certain authenticated user and "can't be" exploited by false user impersonation during the connection?
If you're already doing authentication for the non-websocket part of your app, just pass the session cookie along as the first message after connecting and check the cookie as you normally would.
WARNING: It's been pointed out that the following doesn't work when flashsockets are used:
If you're using socket.io, it's even easier—the cookies are passed through automatically on connection, and can be accessed like the following:
    var io = require('socket.io');
    var socket = io.listen(app);   // app: your existing HTTP server
    socket.on('connection', function(client) {
      // Cookie header the browser sent with the handshake request
      var cookies = client.headers['cookie'];
    });
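The "session cookie as the first message" approach from the answer above, as an added example that is not part of the original answer: the connection is bound to a user only after the cookie is validated against the session store, and every later chat message is attributed to that bound user, ignoring any sender field the client supplies. The session store, the `auth`/`chat` message shapes and the `conn` object are assumptions; plug `onMessage` into whatever WebSocket library's message handler you use.

```javascript
'use strict';

// Constructed in-memory session store (session id -> { userId, expires }).
// In a real app this is whatever your HTTP login already writes to.
const sessions = new Map([
  ['s3ss10n-al1ce', { userId: 'alice', expires: Date.now() + 3600e3 }],
  ['s3ss10n-expired', { userId: 'bob', expires: Date.now() - 1 }],
]);

// Parse a Cookie header ("theme=dark; session=xyz") into a plain object.
function parseCookies(header) {
  const out = {};
  for (const part of String(header || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx > 0) out[part.slice(0, idx).trim()] = part.slice(idx + 1).trim();
  }
  return out;
}

// Look the cookie up exactly as the HTTP side would; null if unknown or expired.
function userForCookie(cookieHeader, store = sessions, now = Date.now()) {
  const sid = parseCookies(cookieHeader).session;
  const s = sid && store.get(sid);
  return s && s.expires > now ? s.userId : null;
}

// Handle one message on a connection. `conn` is a plain object the server keeps
// per socket; `conn.userId` is set only here, never from client data.
// Returns an action object describing what the server should do next.
function onMessage(conn, raw, store = sessions) {
  let msg;
  try { msg = JSON.parse(raw); } catch (e) { return { action: 'close', reason: 'bad json' }; }
  if (!conn.userId) {
    // The first message MUST be the auth message carrying the session cookie.
    if (msg.type !== 'auth') return { action: 'close', reason: 'auth required' };
    const userId = userForCookie(msg.cookie, store);
    if (!userId) return { action: 'close', reason: 'invalid session' };
    conn.userId = userId;
    return { action: 'authenticated', userId };
  }
  // Sender identity comes from the authenticated connection, not the payload:
  // a client-supplied "from" field is ignored, so it cannot impersonate anyone.
  if (msg.type !== 'chat' || typeof msg.text !== 'string') return { action: 'ignore' };
  return { action: 'broadcast', from: conn.userId, text: msg.text };
}
```

Re-check the session's expiry on every message (or close the socket when the HTTP session is destroyed) if a logout must also end an open chat connection.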