Created
April 25, 2012 19:54
-
-
Save zgohr/2492861 to your computer and use it in GitHub Desktop.
Socket security when your client is hosted by another application
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Assume that we are not using a redis session store | |
| // instead storing relevant information in redis. | |
| // client side | |
| // assume Cookie.get(name) returns the cookie | |
| // this can use jQuery's cookie plugin or | |
| // some regular expression on document.cookie | |
| var socket = new io.Socket(); | |
| socket.on('connect', function() { | |
| var sessionid = Cookie.get("sessionid"); | |
| if (sessionid) { // if no sessionid | |
| socket.send({ sessionid: sessionid }); // send it some other time | |
| } | |
| }); | |
| // server side | |
| socket.on('connection', function (client) { | |
| client.on('message', function (message) { | |
| if (message.sessionid) { | |
| redis.get(message.sessionid, function (err, reply) { | |
| // Store anything now to your client | |
| client.user_id = reply.id; | |
| } | |
| } | |
| } | |
| }); | |
| // This is not yet robust, there is a possibility that it is a race condition | |
| // if the application hosting your client doesn't register the session with | |
| // redis before the client connects, this will be a problem. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment