
I'm using the latest versions of node.js and session.socket.io and this is how I set the session (please note that I'm not using an HTTPS connection, so no secure: true):

app.configure(function() {
    app.use(cookieParser);
    app.use(express.session({
        signed: true,
        store: sessionStore,
        secret: 'SECRET',
        cookie: {
            maxAge: 24 * 60 * 60 * 1000,
            httpOnly: true
        }
    }));
});
var sessionSockets = new SessionSockets(io, sessionStore, cookieParser);

// Later
sessionSockets.on('connection', function(error, socket, session) {
    // session could be used here to detect if user is logged in

    // e.g. login: session.name = 'x'; session.save();
    // e.g. checkIfLoggedIn: if (session.name) return true;
});

Is my code safe/correct, or how could I authenticate that a user is really logged in? Is it possible/recommended to change the sid of the cookie on the clients (as it's mentioned here)?


1 Answer

I would recommend avoiding re-inventing the wheel and using a library such as PassportJS. There is a module specifically for using PassportJS with Socket.io here (I've never used this though I'm currently working on a project where I'll need it soon). I have used PassportJS and it's quite simple. I would recommend this.

PassportJS is best for safe authentication; my recommendation is the same, go with PassportJS – FLF Jul 10 at 6:32
What about using socket.id as the session id? Is it viable as well? – Hong Zhou 2 days ago
@HongZhou, I don't know. But I do know that Passport makes authentication really simple and if there's a module for using passport and socket.io then obviously someone else has tried it and it seems to work alright :) – kentcdodds 2 days ago
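
The two checks the question asks about, as an added example that is not part of the original posts or of any library mentioned: verifying the signed `connect.sid` cookie from a socket handshake, and issuing a new sid at login. The function names and the in-memory `Map` standing in for `sessionStore` are assumptions; the `s:<sid>.<HMAC>` layout is the one connect uses for signed cookies.

```javascript
const crypto = require('crypto');

const SECRET = 'SECRET';   // placeholder secret, as in the question
const store = new Map();   // assumption: in-memory stand-in for sessionStore

// connect signs the sid as "s:<sid>.<base64 HMAC-SHA256 without padding>".
function sign(sid, secret) {
  const mac = crypto.createHmac('sha256', secret).update(sid)
    .digest('base64').replace(/=+$/, '');
  return 's:' + sid + '.' + mac;
}

// Returns the sid when the signature verifies, otherwise null.
function unsign(value, secret) {
  if (typeof value !== 'string' || !value.startsWith('s:')) return null;
  const sid = value.slice(2, value.lastIndexOf('.'));
  const expected = Buffer.from(sign(sid, secret));
  const given = Buffer.from(value);
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected) ? sid : null;
}

// Resolve the Cookie header of a socket handshake to a stored session.
function sessionFromHandshake(cookieHeader) {
  const m = /(?:^|;\s*)connect\.sid=([^;]+)/.exec(cookieHeader || '');
  if (!m) return null;
  let raw;
  try { raw = decodeURIComponent(m[1]); } catch (e) { return null; }
  const sid = unsign(raw, SECRET);
  return sid && store.has(sid) ? { sid, data: store.get(sid) } : null;
}

// On login, discard the pre-login sid and issue a fresh random one, so an
// id that was known before login no longer maps to any session.
function login(oldSid, name) {
  if (oldSid) store.delete(oldSid);
  const sid = crypto.randomBytes(24).toString('hex');
  store.set(sid, { name });
  return sign(sid, SECRET);   // value for the new connect.sid cookie
}

// The "checkIfLoggedIn" test from the question, driven by the cookie alone.
function isLoggedIn(cookieHeader) {
  const s = sessionFromHandshake(cookieHeader);
  return Boolean(s && s.data.name);
}
```

The signature only proves the server issued the sid; whether the user is logged in still comes from the server-side session data, never from anything the client sends.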
