I have a typical web application in Node that is utilizing the Express framework and the session middleware. I am also using Socket.io for certain dynamic parts of my application (currently, this is a chat mechanism, but that’s tangential). I’ve been able to successfully set up sessions and socket.io on their own, but would like to combine them (EG: to associate socket chat messages with user accounts without hitting the database).
It should be noted (and I can see this being a possible issue point), I am running two express servers on different ports: one for regular HTTP traffic, and one for HTTPS traffic. However, I am having both servers undergo an idential configuration and share the same session store. Sessions do persist for me between http and https pages. The session is being set initially via a page served from HTTPS and the socket.io page is vanilla HTTP.
I’m following the guide located here to achieve what I am looking for regarding integrating socket.io and sessions. However, within the authorization function, data.headers.cookie is never set, despite the session-based portions of my application working as expected. What’s more strange is that after setting a session, if I do a console.log(document.cookie) from within the browser, I get an empty string, but when I look at my cookies with the Firefox developer toolbar, there is an SID cookie for both express and connect.
Here is the relevant portion of the server code:
var config = {
ip : "127.0.0.1",
httpPort : 2031,
httpsPort : 2032
};
var utils = require("./utils"),
express = require('express'),
fs = require('fs'),
parseCookie = require('./node_modules/express/node_modules/connect').utils.parseCookie,
routes = require('./routes')(config);
var httpsOpts = {
key : fs.readFileSync("cert/server-key.pem").toString(),
cert: fs.readFileSync("cert/server-cert.pem").toString()
};
var app = express.createServer(),
https = express.createServer(httpsOpts),
io = require("socket.io").listen(app, { log: false}),
helpers = require("./helpers.js"),
session = new express.session.MemoryStore(),
sessionConfig = express.session({
store : session,
secret : 'secret',
key : 'express.sid',
cookie : {maxAge : 60 * 60 * 1000}
}); //share this across http and https
configServer(app);
configServer(https);
//get SID for using sessions with sockets
io.set('authorization', function(data, accept){
if(data.headers.cookie){
data.cookie = parseCookie(data.headers.cookie);
data.sessionID = data.cookie['express.sid'];
} else {
return accept("No cookie transmitted", false);
}
accept(null, true);
});
io.sockets.on('connection', function(socket){
//pull out session information in here
});
function configServer(server) {
server.configure(function(){
server.dynamicHelpers(helpers.dynamicHelpers);
server.helpers(helpers.staticHelpers);
server.set('view options', { layout: false });
server.set('view engine', 'mustache');
server.set('views', __dirname + '/views');
server.register(".mustache", require('stache'));
server.use(express.static(__dirname + '/public'));
server.use(express.bodyParser());
server.use(express.cookieParser());
server.use(sessionConfig);
});
}
And here’s the relevant code on the client:
<script src="/socket.io/socket.io.js"></script>
<script type="text/javascript">
$(document).ready(function(){
var socket = io.connect('http://127.0.0.1'); //make sure this isn't localhost!
socket.on('server', function(data){
//socket logic is here
});
}
</script>
UPDATE
Even after setting a cookie manually (and not just a session variable) in the route for the page that is using SocketIO, the cookies portion of the request is still absent.
I never would have thought of this until told to look at the initialization on the client side. I changed the address from localhost to the explicit IP (127.0.0.1) and the cookies are now being sent with the header in Socket.IO. I’m not sure if this is obvious or not, as I assumed localhost was being mapped to 127.0.0.1 anyway.