
@zgohr
Created April 25, 2012 19:54
Socket security when your client is hosted by another application
// Assume that we are not using a redis session store,
// instead storing relevant information in redis.

// client side
// Assume Cookie.get(name) returns the cookie value.
// This can use jQuery's cookie plugin or
// some regular expression on document.cookie.
var socket = new io.Socket();
socket.on('connect', function () {
  var sessionid = Cookie.get("sessionid");
  if (sessionid) { // if there is no sessionid yet, send it some other time
    socket.send({ sessionid: sessionid });
  }
});

// server side
socket.on('connection', function (client) {
  client.on('message', function (message) {
    if (message.sessionid) {
      redis.get(message.sessionid, function (err, reply) {
        // Lookup failed or the session is not registered: leave the client unauthenticated
        if (err || !reply) { return; }
        // redis.get returns a string; this assumes the hosting application
        // stored the session as JSON with an "id" field
        var session;
        try { session = JSON.parse(reply); } catch (e) { return; }
        // Store anything now to your client
        client.user_id = session.id;
      });
    }
  });
});

// This is not yet robust: there is a possible race condition.
// If the application hosting your client doesn't register the session with
// redis before the client connects, this will be a problem.
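
One way to bound the race condition noted above, as an added example that is not part of the original gist: the server validates the sessionid, retries the lookup a limited number of times while the hosting application registers the session, and otherwise rejects. `authenticate`, `makeFakeStore`, the sessionid format and the JSON session record with an `id` field are assumptions; the in-memory store is a constructed stand-in for a redis client.

```javascript
// Added example; authenticate, makeFakeStore and SESSION_ID_RE are hypothetical names.
const SESSION_ID_RE = /^[A-Za-z0-9_-]{16,128}$/; // assumed sessionid format

// Constructed in-memory stand-in for a redis client exposing get(key, cb).
function makeFakeStore(data) {
  return {
    get(key, cb) {
      const hit = Object.prototype.hasOwnProperty.call(data, key);
      setImmediate(() => cb(null, hit ? data[key] : null));
    },
    set(key, value) { data[key] = value; },
  };
}

// Resolve with the user id for a session. A missing key is retried a bounded
// number of times to cover the window in which the hosting application has
// not yet written the session; after that the client stays unauthenticated.
function authenticate(store, sessionid, opts = {}) {
  const { retries = 3, delayMs = 50 } = opts;
  return new Promise((resolve, reject) => {
    // Reject anything that is not a plausible id before touching the store.
    if (typeof sessionid !== 'string' || !SESSION_ID_RE.test(sessionid)) {
      return reject(new Error('malformed sessionid'));
    }
    let attempt = 0;
    const lookup = () => {
      store.get(sessionid, (err, reply) => {
        if (err) return reject(err);
        if (reply === null) {
          if (attempt++ < retries) return setTimeout(lookup, delayMs);
          return reject(new Error('unknown session'));
        }
        let session;
        try {
          session = JSON.parse(reply); // assumes a JSON-serialised record
        } catch (e) {
          return reject(new Error('corrupt session record'));
        }
        if (!session || session.id === undefined) {
          return reject(new Error('session has no user id'));
        }
        resolve(session.id);
      });
    };
    lookup();
  });
}
```

In the server's `message` handler, set `client.user_id` only when `authenticate(redis, message.sessionid)` resolves, and treat a rejection as an unauthenticated client.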