Can't restore sessionId from Cookie.

[wuxudong]

When the server reboot, the client will reconnect, and the sessionId should remains the same.

But I found it changed every time.

After dig a little further, I find that AuthorizeHandler tries to fetch sessionId by headers.getAll("io") , but always get empty.

In the comment, it says will retrieve sessionId from io cookie. but the code tries to get sessionId from header directly.

Is it a bug? or am I missing anything?

/**
        This method will either generate a new random sessionId or will retrieve the value stored
        in the "io" cookie.  Failures to parse will cause a logging warning to be generated and a
        random uuid to be generated instead (same as not passing a cookie in the first place).
    */
    private UUID generateOrGetSessionIdFromRequest(HttpHeaders headers) {
        List<String> values = headers.getAll("io");
        if (values.size() == 1) {
            try {
                return UUID.fromString(values.get(0));
            } catch ( IllegalArgumentException iaex ) {
                log.warn("Malformed UUID received for session! io=" + values.get(0));
            }
        }
        return UUID.randomUUID();
    }

[wuxudong]

everything works well after I change code below. SessionId is restored when server reboot.

    /**
        This method will either generate a new random sessionId or will retrieve the value stored
        in the "io" cookie.  Failures to parse will cause a logging warning to be generated and a
        random uuid to be generated instead (same as not passing a cookie in the first place).
    */
private UUID generateOrGetSessionIdFromRequest(HttpHeaders headers) {
        for (String cookieHeader: headers.getAll(HttpHeaderNames.COOKIE)) {
            Set<Cookie> cookies = CookieDecoder.decode(cookieHeader);

            for (Cookie cookie : cookies) {
                if (cookie.name().equals("io")) {
                    try {
                        return UUID.fromString(cookie.getValue());
                    } catch ( IllegalArgumentException iaex ) {
                        log.warn("Malformed UUID received for cookie! io=" + cookie.getValue());
                    }
                }
            }
        }

        List<String> values = headers.getAll("io");
        if (values.size() == 1) {
            try {
                return UUID.fromString(values.get(0));
            } catch ( IllegalArgumentException iaex ) {
                log.warn("Malformed UUID received for session! io=" + values.get(0));
            }
        }
        return UUID.randomUUID();
    }

[wuxudong]

@mrniko any update?

[pablojr]

@wuxudong any chance you can provide a pull request so @mrniko can review it and eventually commit your changes into master branch? Don't forget this is an open source projects and any help is welcomed
By the way, you should update the method's comments since it's the same as original one, and it isn't reflecting the fact that session will come from cookie or header

[wuxudong]

@pablojr Thanks for your advice. I will create a PR. And is this really a bug? or I miss some necessary config?

[haizz]

I'm sorry, but this not only breaks everything because all opened browser tabs begin to share the same socket id #526 , but also it is not compatible with reference engine.io implementation: socketio/engine.io#422

[mrniko]

Fixed