Socket.io authorization function does not update session data

Question

Socket.io authorization function does not update session data

I am trying to use the Socket.IO authorization function to get session data. The problem is that even if I log out and destroy my session, Socket.IO still has old session information, which is clearly not ideal. Any ideas what I am doing wrong in the code below?

io.set('authorization', function (data, accept) { if(data.headers.cookie) { data.cookie = parseCookie(data.headers.cookie); data.sessionID = data.cookie['express.sid']; app.set('mongo-store').get(data.sessionID, function (err, session) { console.log(err, session); if (err || !session) { // if we cannot grab a session, turn down the connection accept('Error', false); } else { // save the session data and accept the connection data.session = session; accept(null, true); } }); } else { return accept('No cookie transmitted.', false); } accept(null, true); });

And here is the connection code:

 io.sockets.on('connection', function(socket) { var hs = socket.handshake; console.log('A socket with sessionID ' + hs.sessionID + ' connected!'); // setup an inteval that will keep our session fresh var intervalID = setInterval(function () { // reload the session (just in case something changed, // we don't want to override anything, but the age) // reloading will also ensure we keep an up2date copy // of the session with our connection. hs.session.reload( function () { // "touch" it (resetting maxAge and lastAccess) // and save it back again. hs.session.touch().save(); }); }, 60 * 1000); socket.on('disconnect', function () { console.log('A socket with sessionID ' + hs.sessionID + ' disconnected!'); // clear the socket interval to stop refreshing the session clearInterval(intervalID); }); });

+8

javascript node.js socket.io express

Josh smith Jan 19 '12 at 15:21

source share

2 answers

alessioalex · Answer 1 · 2012-01-19T15:28:14+0000

From http://www.danielbaulig.de/socket-ioexpress/

 sio.sockets.on('connection', function (socket) { var hs = socket.handshake; console.log('A socket with sessionID ' + hs.sessionID + ' connected!'); // setup an inteval that will keep our session fresh var intervalID = setInterval(function () { // reload the session (just in case something changed, // we don't want to override anything, but the age) // reloading will also ensure we keep an up2date copy // of the session with our connection. hs.session.reload( function () { // "touch" it (resetting maxAge and lastAccess) // and save it back again. hs.session.touch().save(); }); }, 60 * 1000); socket.on('disconnect', function () { console.log('A socket with sessionID ' + hs.sessionID + ' disconnected!'); // clear the socket interval to stop refreshing the session clearInterval(intervalID); }); });

Edit: auth code

 io.set('authorization', function (handshakeData, callback) { var cookie; // console.log(handshakeData.headers); if (handshakeData.headers && handshakeData.headers.cookie) { cookie = parseCookie(handshakeData.headers.cookie); // where SessionStore is an instance of your mongo store SessionStore.load(cookie['sioapp.sid'], function (err, session) { if (err) { // if we cannot grab a session, turn down the connection console.log(err); } else { // console.log('Successfully decoded the session: ', session); handshakeData.session = session; } }); } callback(null, true); // error first callback style });

Every 60 seconds, the session is affected (thus being updated). When the user disconnects, the session is destroyed.

Stephane · Answer 2 · 2013-10-11T11:40:43+0000

I’m not sure that 60 * 1000 means 60 million. I would say that it is 1 million.

Socket.io authorization function does not update session data

More articles: