
Allow cookies to be sent in XMLHttpRequest handshake; see https://github... #587

Closed
wants to merge 1 commit into from

9 participants

@chill117

....com/LearnBoost/socket.io-client/issues/344

See: Issue #344

With these changes, a cookie can now be sent with the XHR handshake, allowing for persisting a user session.

Note about dependency upgrade:
Had to update XMLHttpRequest module to 1.6.0, to be able to disable forbidden headers in an XHR request.

@bzuillsmith

This would be extremely helpful for testing purposes

@iliakan

I had to patch socket.io-client to work around that. Please let this pull request in.

@JCMais

Is this ever going to be merged?

@hanwang85

Is this going to be merged?

@ismriv

This is extremely helpful for testing when using cookie-based authentication. Is this going to be merged at some point?

@gastrodia

+1, helpful for testing the socket.io API with mocha (server-side testing). I do this but got an auth problem today!

@rauchg
Owner

I'm down for merging a solution like this for the master branch

@chill117 chill117 referenced this pull request in Automattic/engine.io-client
Closed

Allow sending of cookie header in XHR handshake. #304

@chill117

If anyone is upgrading to socket.io-client 1.x, which now uses engine.io-client for the connection-related heavy lifting, you'll probably want to look into passing your session cookie(s) in the query string. I just went through the upgrade process, and by far the least painful method of persisting user sessions within my integration tests was the query string method.

To give you a better idea of how to accomplish this: when creating the socket instance, pass the cookie in the query string like this:

var url = 'http://your-app-url'
var options = {}

url += '?cookie=' + encodeURIComponent(sessionCookie)

// Pass this flag to create a fresh socket for the integration tests.
options.forceNew = true

var socket = io(url, options)

Then on the server-side, you'll need to read the cookie variable from the query data:

// The new middleware way of doing things..
io.use(function(socket, next) {

    // The query string value will be used only if the header is not set.
    var cookie = socket.handshake.headers.cookie || socket.handshake.query.cookie

    if (!cookie)
        return next()

    // There is a cookie..
    // Perform your cookie-based user authentication here..

    // And, don't forget to call next() when you're done.
    next()

})
This issue was closed.
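
A server-side counterpart to the query-string approach in the comment above, written as an added example that is not code from this thread or from socket.io. The `sid` cookie name, the `allowQueryCookie` option, the HMAC signing scheme and the secret are assumptions made for the illustration; unlike the snippet above, it rejects handshakes that carry no valid session.

```javascript
// Added example, not code from this PR or from socket.io.
// Assumed names: 'sid' cookie, allowQueryCookie option, HMAC signing scheme.
const crypto = require('crypto');

const SECRET = 'constructed-test-secret'; // constructed sample value

// Sign a session id as "<id>.<hex HMAC-SHA256>".
function sign(id, secret) {
  return id + '.' + crypto.createHmac('sha256', secret).update(id).digest('hex');
}

// Return the session id if the signature verifies, otherwise null.
function unsign(value, secret) {
  const dot = value.lastIndexOf('.');
  if (dot < 1) return null;
  const id = value.slice(0, dot);
  const given = Buffer.from(value);
  const expected = Buffer.from(sign(id, secret));
  // timingSafeEqual throws on unequal lengths, so check length first.
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? id : null;
}

// Parse an "a=1; b=2" cookie string; malformed pairs are skipped.
function parseCookies(str) {
  const out = {};
  for (const part of String(str).split(';')) {
    const eq = part.indexOf('=');
    if (eq < 1) continue;
    try {
      out[part.slice(0, eq).trim()] = decodeURIComponent(part.slice(eq + 1).trim());
    } catch (e) { /* bad percent-encoding: ignore this pair */ }
  }
  return out;
}

// Middleware factory for io.use(). The query-string fallback is off unless
// allowQueryCookie is set, e.g. only when NODE_ENV === 'test'.
function sessionMiddleware(opts) {
  return function (socket, next) {
    const hs = socket.handshake;
    const raw = hs.headers.cookie || (opts.allowQueryCookie ? hs.query.cookie : '');
    const id = unsign(parseCookies(raw).sid || '', opts.secret);
    if (!id) return next(new Error('unauthorized'));
    socket.sessionId = id;
    next();
  };
}
```

Query strings are commonly written to access logs and proxy logs, which is why the fallback here is gated behind an explicit option instead of being accepted on every handshake.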
Commits on Nov 17, 2013
Showing with 7 additions and 1 deletion.
  1. +6 −0 lib/socket.js
  2. +1 −1  package.json
6 lib/socket.js
@@ -149,6 +149,12 @@
var xhr = io.util.request();
xhr.open('GET', url, true);
+
+ if (this.options.cookie) {
+ xhr.setDisableHeaderCheck(true);
+ xhr.setRequestHeader('Cookie', this.options.cookie);
+ }
+
if (this.isXDomain()) {
xhr.withCredentials = true;
}
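Review bot: xhr.setDisableHeaderCheck(true) is called unconditionally inside the new if (this.options.cookie) block, but per the PR description that method comes from the xmlhttprequest module; if io.util.request() ever returns a different XHR object, such as a browser's native one, setting options.cookie throws a TypeError before the handshake is sent. Guard the call with typeof xhr.setDisableHeaderCheck === 'function' and skip the Cookie header otherwise. Disabling the check also lifts it for every forbidden header on this request, not only Cookie, and the cookie is attached before the isXDomain() branch just below, so it is sent to cross-domain URLs as well; the new cookie option needs documentation that states both points.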
2  package.json
@@ -20,7 +20,7 @@
, "dependencies": {
"uglify-js": "1.2.5"
, "ws": "0.4.x"
- , "xmlhttprequest": "1.4.2"
+ , "xmlhttprequest": "1.6.0"
, "active-x-obfuscator": "0.0.1"
}
, "devDependencies": {
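Review bot: the xmlhttprequest bump from 1.4.2 to 1.6.0 is what makes the new setDisableHeaderCheck call in lib/socket.js work, yet only the PR description records that. Keeping an exact pin is fine, but add a comment beside the call in lib/socket.js, or a line in the commit message, stating that 1.6.0 is the minimum version, so a later change to this dependency does not silently break cookie handshakes.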