I´m currently developing a little chat page. The main page and user management is written in php and also all the authentication stuff with sessions.
Now I´m planning to run the messaging stuff on a separate Node.js server, so that I don´t have to use polling on client side.
How can I now use the session to authenticate a user also on Node.js to prevent s.o. passing messages in the name of someone else to the messaging server?
My idea was to generate a key on php side, pass it to the Node.js and also to the client. If the user sends a message, I would pass the key to the Node.js and compare it with the key I´ve send from the webserver.
Is this a good approach? Which alternatives do I have?
