unique identifier for each client request to websocket server #859
Comments
You can add this info yourself every time a new connection is established, for example using

```js
const uuid = require('uuid');

wss.on('connection', (ws) => {
  ws.id = uuid.v4();
});
```

or you can use a query parameter if you want to identify a client when it connects.

```js
var ws = new WebSocket('ws://example.com/?token=abc123');
```
|
@lpinca Can you explain how to fetch that token parameter on the server side? |
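```js
const url = require('url');

wss.on('connection', (ws, req) => {
  // Parse the query string of the upgrade request and pull out `token`.
  const { query: { token } } = url.parse(req.url, true);
  // ...
});
```
|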
```
wss.on('connection', (ws, req) => {
const { query: { token } } = url.parse(req.url, true);
^
TypeError: Cannot read property 'url' of undefined
});
```
|
@sajadghawami use |
Still getting same error:

```
wss.on('connection', (ws, req) => {
const { query: { token } } = url.parse(ws.upgradeReq.url, true);
^
TypeError: Cannot read property 'url' of undefined
});
```

Using |
Reread my previous comment, upgrade or use |
Ahh I see :) ... but using the one you posted before didn't work either with you mean this:

```
wss.on('connection', (ws, req) => {
const { query: { token } } = url.parse(req.url, true);
^
TypeError: Cannot read property 'url' of undefined
});
```
|
Yes that one, on |
Use request header 'sec-websocket-key'

```js
wss.on('connection', (ws, req) => {
  var id = req.headers['sec-websocket-key'];
  // do whatever you want...
});
```
|
|
```js
wss.on('connection', (ws, req) => {
  ws.uuid = req.url.replace('/?uuid=', '')
});
```
|
If I have a user with an account trying to connect to the websocket, how can I safely pass the user ID to the server and maybe even store the ID inside the client list? |
To whoever finds this on Google like I just did. I have been looking into Keep in mind:
UPD I have just confirmed with a firewall test that once a connection is dropped and re-established, it gets a different |
Your app should be setting secure cookies after client authenticates, the cookies include session or user id. Cookies get sent with the websocket request in the header and is how you should be identifying the client |
Take into account that there're some ongoing efforts to deprecate cookies (also, cookie blocking browser extensions).
|
@mehov I don't know what are your needs but I've handled connections using onConnectionHandler event to handle

```ts
function onConnectionHandler(ws: ws, req: http.IncomingMessage) {
  let connectionId = req.headers['sec-websocket-key'] as string;
  ...
  ws.on("close", function () { onClose(connectionId); });
}
```

If connection is dropped, close event will be fired and my onClose function will be called with connectionId in order to pass it to connectionManager calling my destroyConnection function. Hope it helps |
There is no deprecation of 1st class Secure HttpOnly cookies. These are specially designed to hold sensitive data like session id's that can't be accessed by client-side javascript and should be your 1st choice for sending auth info
I don't know why people are giving that a thumbs up, you should not be using that as connection id, a bad client could send whatever value they want for that field. Your server should be assigning a generated connection id, incrementing an integer works fine |
Incrementing an integer is a no-no too. It means it's super easy to find other valid uuids by just trying uuids that differ from your own by 1, 2, 3, -1, -2, -3.... That's why best practice is to generate a uuid using a cryptographic library |
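
A sketch of the approach the later comments converge on, as an added example that is not code from the `ws` project or from any commenter: the server generates the connection id with `crypto.randomUUID()` and takes the user from a session cookie instead of the URL or `sec-websocket-key`. The `sid` cookie name and the `sessions` and `clients` maps are assumptions made for illustration.

```javascript
const { randomUUID } = require('node:crypto');

// Hypothetical server-side session store: session id -> user id.
// Constructed sample entry; a real app fills this in at login.
const sessions = new Map([['s3ss10n-constructed', 'user-42']]);

// connection id -> { ws, userId }
const clients = new Map();

// Extract one cookie value from the raw Cookie header of the upgrade request.
function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

// Handler intended for wss.on('connection', onConnection).
function onConnection(ws, req) {
  // Identity comes from the server-side session, never from the URL or
  // from client-chosen headers such as sec-websocket-key.
  const userId = sessions.get(readCookie(req.headers.cookie, 'sid'));
  if (userId === undefined) {
    ws.close(1008, 'not authenticated'); // 1008 = policy violation
    return null;
  }
  // The connection id is generated by the server with a CSPRNG, so it is
  // unique per connection and cannot be chosen or guessed by a client.
  const id = randomUUID();
  ws.id = id;
  clients.set(id, { ws, userId });
  // Drop the entry when the socket closes; a reconnect gets a fresh id.
  ws.on('close', () => clients.delete(id));
  return id;
}
```

Set the session cookie with the `Secure` and `HttpOnly` attributes so that it is only sent over TLS and is not readable from page scripts.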
Trying to find out if any attribute of the websocket server module can be used to extract a unique identifier for each unique client connecting to server.
So far tried following,
however each of them yields unpredictable value (i.e. works and doesn't work at times)
PS: I am using websocket never without using express