Allow cookies to be sent in XMLHttpRequest handshake; see https://github... #587

Closed

@chill117

....com/LearnBoost/socket.io-client/issues/344

See: Issue #344

With these changes, you can now send a cookie with the XHR handshake, allowing for persisting a user session.

Note about dependency upgrade:
Had to update XMLHttpRequest module to 1.6.0, to be able to disable forbidden headers in an XHR request.

@bzuillsmith

This would be extremely helpful for testing purposes

@iliakan
iliakan commented Jan 10, 2014

I had to patch socket.io-client to work around that. Please let this pull request in.

@JCMais
JCMais commented Jan 30, 2014

Is this ever going to be merged?

@hanwang85

Is this going to be merged?

@killmenot

+1

@ismriv
ismriv commented Apr 7, 2014

This is extremely helpful for testing when using cookie-based authentication. Is this going to be merged at some point?

@nilornot

+1, helpful for testing the socket.io API with mocha (server-side testing). I do this but got an auth problem today!

@rauchg
Collaborator
rauchg commented May 13, 2014

I'm down for merging a solution like this for the master branch

@chill117 chill117 referenced this pull request in socketio/engine.io-client Jun 2, 2014
Closed

Allow sending of cookie header in XHR handshake. #304

@chill117
chill117 commented Jun 3, 2014

If anyone is upgrading to socket.io-client 1.x, which now uses engine.io-client for the connection-related heavy lifting, you'll probably want to look into passing your session cookie(s) in the query string. I just went through the upgrade process, and by far the least painful method of persisting user sessions within my integration tests was the query string method.

To give you a better idea of how to accomplish this... When creating the socket instance, pass the cookie in the query string like this:

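```js
var io = require('socket.io-client')

var url = 'http://your-app-url'
var options = {}

// sessionCookie holds the cookie string obtained earlier in the test.
url += '?cookie=' + encodeURIComponent(sessionCookie)

// Pass this flag to create a fresh socket for the integration tests.
options.forceNew = true

var socket = io(url, options)
```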

Then on the server-side, you'll need to read the cookie variable from the query data:

```js
// The new middleware way of doing things..
io.use(function(socket, next) {

    // The query string value will be used only if the header is not set.
    var cookie = socket.handshake.headers.cookie || socket.handshake.query.cookie

    if (!cookie)
        return next()

    // There is a cookie..
    // Perform your cookie-based user authentication here..

    // And, don't forget to call next() when you're done.
    next()

})
```
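A stricter variant of the server-side middleware in the comment above, added here as an example (not code from this pull request or from socket.io): it accepts the query-string cookie only when explicitly enabled, because query strings are commonly written to access logs, and it refuses the handshake when no session matches. `parseCookies`, `cookieAuth`, the `sid` cookie name and the in-memory `Map` session store are assumptions.

```javascript
// Added example: runs stand-alone in Node, without socket.io installed.
// parseCookies, cookieAuth, the 'sid' cookie name and the Map store are hypothetical.

// Split a Cookie header ("a=1; b=2") into name -> decoded value.
function parseCookies(header) {
  var out = Object.create(null)
  String(header || '').split(';').forEach(function (pair) {
    var i = pair.indexOf('=')
    if (i < 0) return
    var value = pair.slice(i + 1).trim()
    try { value = decodeURIComponent(value) } catch (e) { /* keep raw value */ }
    out[pair.slice(0, i).trim()] = value
  })
  return out
}

// Build a middleware with the io.use(function (socket, next) {...}) shape.
function cookieAuth(opts) {
  return function (socket, next) {
    var hs = socket.handshake
    var raw = hs.headers.cookie
    // Query strings are commonly written to access and proxy logs, so the
    // fallback is honoured only when the caller enables it (e.g. test runs).
    if (!raw && opts.allowQueryFallback) raw = hs.query.cookie
    var sid = parseCookies(raw)[opts.cookieName]
    var session = sid && opts.store.get(sid)
    // Passing an Error to next() refuses the connection.
    if (!session) return next(new Error('unauthorized'))
    socket.user = session.user
    next()
  }
}

// Constructed sample data: one known session id.
var store = new Map([['abc123', { user: 'alice' }]])

// Drive a middleware with a fake handshake and report the outcome.
function run(mw, handshake) {
  var socket = { handshake: handshake }
  var result
  mw(socket, function (err) { result = err ? err.message : 'ok:' + socket.user })
  return result
}

var testMw = cookieAuth({ store: store, cookieName: 'sid', allowQueryFallback: true })
var prodMw = cookieAuth({ store: store, cookieName: 'sid', allowQueryFallback: false })
var viaQuery = { headers: {}, query: { cookie: 'sid=abc123' } }
console.log(run(testMw, viaQuery), run(prodMw, viaQuery))
```

In a real server the returned function would be passed to `io.use(...)`, with `allowQueryFallback` tied to the test environment only.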
This issue was closed.