You haven’t implemented any session authentication for your socket.io. By default every connection to your socket.io is a new connection, although it has the same cookie ( session_id in your cookie ). There is a special option for socket.io to pass every request through authentication function something like:

var sAuthorization = function(req, cb) {
    if ( req.headers.cookie ) { 
        cb(null, true); return; // We have cookie
    } else {
        cb(null, false); return; // We don't have cookie drop the connection
    };

var socket = require('socket.io').listen(app, { authorization: sAuthorization });
    

Things you should do to make it work ( I will not write this as a code, becuase there are a lot of modifications needed ) :

1. Implement giving the user a name in your initial http connection within express ( every user should be given an username for their unique session );
2. Implement sessionStore which can be reached by express & socket.io ( see this gist for some ideas how to do it ( it uses nowjs but it’s the sessionStore code you have to look ). Actually it’s better if you place your sessionStore in some database, not in your MemoryStore.
3. Make your socket.io authorization sub to reach this sessionStore and get the username, then place it as a parameter for this socket as usual : socket.set('name', ....

Pretty much that’s it. It’s not as hard as it sounds, but that’s the proper way of doing this.

Further reading :

1. https://github.com/LearnBoost/Socket.IO/wiki/Configuring-Socket.IO
2. https://github.com/LearnBoost/socket.io/wiki/Authorizing

Update :

Look at this answer it will be very helpful for you
Securing Socket.io

Update II :

I’ve created a Gist file here with that code https://gist.github.com/1b17fd2a7b324cb3411a

var express = require('express'),
    app = express(),
    http = require('http'),
    server = http.createServer(app),
    users = 0,
    MemoryStore = express.session.MemoryStore,
    sessionStore = new MemoryStore(),
    parseCookie = require('cookie').parse,
    utils = require('connect').utils,
    io = require('socket.io').listen(server);

app.use( express.bodyParser() );
app.use( express.cookieParser('secret') );
app.use( express.session({secret: 'secret', store:sessionStore}) );

app.get('/', function(req, res) {
    var user = req.session.username ? req.session.username : null;
    if ( !user ) {
        user = 'user_' + users++;
        req.session.username = user;
        req.session.save();
    }
    res.send('<!doctype html> \
        <html> \
        <head><meta charset="utf-8"></head> \
        <body> \
            <center>Welcome ' + user + '</center> \
            <script src="/socket.io/socket.io.js"></script> \
            <script> \
                var socket = io.connect(); \
                socket.emit("message", "Howdy"); \
            </script> \
        </body> \
        </html>');
});

io.configure(function () {
    io.set('authorization', function (request, callback) {
        var cookie = parseCookie(request.headers.cookie);
        if( !cookie && !cookie['connect.sid'] ) {
            return callback(null, false);
        } else {
            sessionStore.get(utils.parseSignedCookie(cookie['connect.sid'], 'secret'), function (err, session) {
                if ( err ) {
                    callback(err.message, false);
                } else {
                    if ( session && session.username ) {
                        request.user = session.username;
                        callback(null, true);
                    } else {
                        callback(null, false);
                    }
                }
            });
        }
    });
});

io.sockets.on('connection', function (socket) {
    socket.on('message', function(msg) {
        console.log(msg + 'from '+ socket.handshake.user);
    });
});

server.listen(8000);