Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use feathers-socketio? and rest&socket share session maybe? #269

Closed
simonjoom opened this Issue Aug 13, 2016 · 3 comments

Comments

Projects
None yet
2 participants
@simonjoom
Copy link

simonjoom commented Aug 13, 2016

I think we should to use express-session and no need anymore cookie-parser - > Since version 1.5.0, the cookie-parser middleware is no need

And add middleware fonctionnalities with socket-io

why not use share sessions between rest and socket to get things working all together?
why not use feathers-socketio instead socket?

see: http://stackoverflow.com/questions/25532692/how-to-share-sessions-with-socket-io-1-x-and-express-4-x

@daffl

This comment has been minimized.

Copy link
Member

daffl commented Aug 13, 2016

feathers-authentication does not use sessions. The Cookie parser is only for getting the JWT from a cookie which is usually only the case with server side rendering.

You can also already use your own Socket.io middleware as documented here.

@simonjoom

This comment has been minimized.

Copy link
Author

simonjoom commented Aug 13, 2016

Thks for replying, yes i saw it that it 's not using sessions.
Just can i ask why you decided that? better to use only cookie for server-side rendering?

In fact i was worry about cookies is not good.

but yes cookie-parser is not a real cookie, for me a cookie is stored in client-side.
I was worry about lost token when cookie is removed.

They should to not use this name 'cookie-parser' because it's just something in the request header.

@daffl

This comment has been minimized.

Copy link
Member

daffl commented Aug 14, 2016

Well cookie-parser just passes the cookie request header so the name isn't necessarily wrong. The cookie is just one way to provide the JWT though. You can easily disable cookies and manage the tokens yourself (the client does that for you already).

@daffl daffl closed this Aug 16, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.