Adding a cookie value on Socket.IO

Asked 27/5, 2012 at 3:1 Answered 21/6, 2015 at 19:23

Solved node.js cookies express socket.io

How to add a cookie value on Socket.IO?

io.sockets.on('connection', function (client)
{ 
    console.log(client.id); 
    client.handshake.headers.cookie.socketID = client.id;   // not work
 // client.handshake.headers.cookie("socketID",client.id);  //crash

    console.log(client.handshake.headers.cookie);
// The current output is:
//connect.sid=tI21xumy3u2n4QXO1GljmPAf.pzFQ1Xu%2B6bz36secu4VSCdSNU8PT1L44gQZ4kFUFQqQ
//this is express session id, and I also want to add client.id of Socket.IO. 

//...........
}

I have read http://www.danielbaulig.de/socket-ioexpress/ , but I do not need session management on node.js, but just need to add a socket.io client ID value in cookie as connect.sid does.

Zombie answered 27/5, 2012 at 3:1 Comment(1)

#4754732 – Microminiaturization 31/12, 2018 at 12:38

Take a look at Authorization with Socket.io. This is where it handles the initial connection request, and where you can set a response header.

I'm not sure if the cookie(name,value) shorthand works, though you can try setting it manually:

    var date = new Date();
    date.setTime(date.getTime()+(days*24*60*60*1000)); // set day value to expiry
    var expires = "; expires="+date.toGMTString();

    handshake.headers.cookie = name+"="+value+expires+"; path=/";

Fiveandten answered 27/5, 2012 at 14:53 Comment(9)

Thank you, Wes. I understand Authorization with Socket.io better. However, my concern is, since the block is outside of "io.sockets.on('connection', function (client){......})", it looks not to be able to deal with client.id which I want to include with cookie. Any suggestion about this?? – Zombie 27/5, 2012 at 20:42

I would handle things with client-side code. Ie: emit an event to the client with the socket ID as data and have the client code save down a cookie. You could then read the request cookie in the authorization block on the server side through handshake.headers.cookie. I'm not sure why you'd want to do that though, as the socket.id shouldn't be persisted between sessions. On disconnect it's irrelevant. – Fiveandten 27/5, 2012 at 21:44

I suggested using authorize to save client-specific data as any changes you make to handshake.headers on authorization are accessible in client.handshake in your main app, as you suggest above. Without more info on your use case, it's hard to get more specific. – Fiveandten 27/5, 2012 at 21:46

Thanks Wes. Sorry for having let you guess my case. Here is my configuration: A full ajax page on client side that opens popup window that deal with everyauth redirect process. The main page is just static having an opened socket.IO connection. – Zombie 27/5, 2012 at 21:58

everyauth.com ends up a redirected page after the authorization on the popup window which currently includes Express session ID only. However, since I need to bundle the redirected page with the main full ajax page(no reload, no redirect, has a static socket.IO connection as long as 'app' is opened), I also need to include socket.id(client.id) with cookie. – Zombie 27/5, 2012 at 22:8

wes, I launched more detailed Question here. #10778649 – Zombie 28/5, 2012 at 0:23

As you suggested, I found this kind of cookie need to be add from client side, and it works now. Thanks. Add this on the above question page, too. Thanks a lot again! – Zombie 28/5, 2012 at 1:36

If setting up a cookie value this way and checking the browser nothing gets stored. Any idea why? – Gingery 24/3, 2017 at 13:41

@C4u this answer was 5 years ago, I believe Socket.io changed the authorization callback to drop the handshake prop. See the docs. Either way, you should use the browser Network devtools to check the initial socket request / response headers to see what's happening with your cookies. – Fiveandten 27/3, 2017 at 14:23

-4

May seem hacky, I tried all sorts of ways to set a cookie on response to the handshake get request with no success. However, I managed to make it work by tweaking the socket.io prototype code it-self.

In socket.io version 1.3.4,

in \node_modules\socket.io\node_modules\engine.io\lib\server.js

change line 249 from :

headers['Set-Cookie'] = self.cookie + '=' + id;

headers['Set-Cookie'] = req.headers.cookie;

all cookies in the request will be returned in the response

Variola answered 21/6, 2015 at 19:23 Comment(5)

It is not a great idea to change source code since when you update the version or install the app on another server your changes will be lost. – Treasurehouse 1/6, 2016 at 12:7

this is terrible advice. this will only work until the next npm install. – Warwickshire 23/12, 2016 at 8:39

At the time of writing this comment there was no other solution – Variola 26/7, 2017 at 17:23

The only safe way to do this is to fork socket.io, and regularly patch your version from the active project. While, I don't recommend it, you don't deserve a down-vote for suggesting a working hack. – Chainey 22/11, 2018 at 16:2

just for the argue. he can changed the prototype on run time. so it will be presist over npm install – Blinnie 6/2, 2019 at 8:53

Recommended topics

Hot tags