I am currently working on integrating node.js with socket.io with my PHP Framework.
When the user logs into my site I save his/her session in my database and assign him a userid.
The only way I am able to validate if the request to node.js is valid, is to send the **cookie (session id) and userid to node.js and check the Database, if the session ID is valid and the userid belonging to this session id. This happens with node.js mysql module.
Is this the only method? Is it "safe"?