未加星标

Using cookieSession to authorize user using socket.io

字体大小 | |
[前端(javascript) 所属分类 前端(javascript) | 发布者 店小二04 | 时间 2018 | 作者 红领巾 ] 0人收藏点击收藏

I am using socket.io's authorize method( In detail here ) to check whether the user is authorized to use my app by checking the cookie associated with the user.

The above blog post is fairly straight forward but I am using cookieSessions to store session data in cookies. One good question is on stackoverflow but I can't figure that out.

I want to know how to decrypt cookieSession data to access the session data. A bit of my sample code:

io.set('authorization', function (data, accept) { //Check cookie for session data accept(null, true);});

In other words, how can I access the cookieSession in socket.io?

Problem courtesy of: shash7

Solution

I use the following (with passport, but it doesn't matter):

io.set('authorization', function(data, accept) { var getCookieSession = require('./lib/cookie_session'); var session = getCookieSession(data.headers, { key: 'YOUR KEY', secret: 'YOUR SECRET' }); if (session.passport.user) { accept(null, true); } else { accept(null, false); } });

and getCookieSession is the following module:

var connect = require('connect'); var cookieParser = connect.cookieParser; var cookieSession = connect.cookieSession; module.exports = function(headers, opts) { var key = opts.key || '_session'; var secret = opts.secret || ''; var req = { headers: headers, originalUrl: "/" }; var res = { on: function() {} }; var next = function () {}; cookieParser(secret)(req, res, next); cookieSession({ key: key })(req, res, next); return req.session; };

Solution courtesy of: Gal Ben-Haim

本文前端(javascript)相关术语:javascript是什么意思 javascript下载 javascript权威指南 javascript基础教程 javascript 正则表达式 javascript设计模式 javascript高级程序设计 精通javascript javascript教程

tags: var,session,data,cookieSession,key,function,io,headers,secret,user,req,accept
分页:12
转载请注明
本文标题:Using cookieSession to authorize user using socket.io
本站链接:https://www.codesec.net/view/604883.html


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 前端(javascript) | 评论(0) | 阅读(9)