Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
* Little example of how to use ```socket-io.client``` and ```request``` from node.js
* to authenticate thru http, and send the cookies during the handshake.
var io = require('');
var request = require('request');
* This is the jar (like a cookie container) we will use always
var j = request.jar();
* First I will patch the xmlhttprequest library that uses
* internally to simulate XMLHttpRequest in the browser world.
var originalRequest = require('').XMLHttpRequest;
require('').XMLHttpRequest = function(){
originalRequest.apply(this, arguments);
var stdOpen =;
* I will patch now open in order to set my cookie from the jar request.
*/ = function() {
stdOpen.apply(this, arguments);
this.setRequestHeader('cookie', j.getCookieString('http://localhost:9000'));
* Authenticate first, doing a post to some url
* with the credentials for instance
jar: j,
url: 'http://localhost:9000/login',
form: {username: 'jose', password: 'Pa123'}
}, function (err, resp, body){
* now we can connect.. and will send the cookies!
var socket = io.connect('http://localhost:9000');
socket.on('connect', function(){
console.log('connected! handshakedddddddddddd')

This comment has been minimized.

Copy link

@ilatypov ilatypov commented Dec 1, 2020

Sending cookies across origins is disabled in browsers (I believe at a lower level than any patching could allow).

<!doctype html>
<html lang="en">
    <meta charset="utf-8">
        window.addEventListener('load', function(event) {
            let exist = document.getElementById("exist");
            exist.textContent = document.cookie;

            let mycookie = "mysession=abc123";
            let elem = document.getElementById("cook");
            elem.textContent = mycookie;

            document.cookie = mycookie;

            // let url = "";
            let url = "http://localhost:30080/";
            let urlelem = document.getElementById("url");
            urlelem.textContent = url;

            let respelem = document.getElementById("resp");

            let req = new Request(url, { credentials: "same-origin" });
            fetch(req).then(function(resp) {
                return resp.text();
            }).then(function(text) {
                respelem.textContent = text;
    Existing document cookies <code id="exist"></code>.
    Sending a cookie <code id="cook"></code> to URL <code id="url"></code>.
    Response text: <code id="resp"></code>.
Existing document cookies .

Sending a cookie mysession=abc123 to URL http://localhost:30080/.

Response text: <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> [...] </body> </html> . 

The browser's console shows the cookie being sent (when using the same origin as a destination).

GET / HTTP/1.1
Host: localhost:30080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: */*
Accept-Language: en-CA,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost:30080/f.html
DNT: 1
Connection: keep-alive
Cookie: mysession=abc123
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment