javascript - What are the possible ways to authorize a websocket connection request in Express.io? -


I have two possibilities and prefer a solution that checks the websocket completely before installing it. .

  var express = expected ("express.io"); Var app = express (). Http () Io (); App.use (express.json ()); App.use (express.cookieParser ()); App Use (Express Season ({secret: process.env.COOKIESECRET})); Option 1: How to get Express session objects? 
Update: It may not be able to work as Express.Ooy, which registers its "authorized" forest, which provides the Express session Socket.io
  app.io.configure (function () {app.io.set ("authorize", function (handshake, authorized) {// cookie is available ...? // handshake Headers.cookie});}); Option 2: Getting an Express session is easy, but the connection is already established.  
  app.orot ("test", function (rake) {if (! Req.session.Is authorized) {req.io.disconnect ();}});  

You can pass in the context of your session, so when you configure your Socket server:

  var sessionStore = new express.session.MemoryStore (); App.use (express.session ({secret: process.env.COOKIESECRET, store: sessionStore}));  

I think you should be able to get comfort from your code by matching the handshake.headers object to the content in your session shop. Note that the default store is organized in the store, which is not good for production purposes (but now I think that's OK). The above is related to your option 1 method.


Comments