0

So I have 2 pages: a chat page, which runs on Node.js and Socket.io (WebSockets), and a main page where the user logs in, etc. I want to make it so that when a user logs in on the main page, it validates the details, then stores the user ID in the session, and the user goes into the chat, where he's identified by his user ID.

Oh yeah, and user accounts are stored in MySQL.

arleitiss

2 Answers

1

You can parse PHP (file-based) sessions from node with a module like groan. However, a better solution is probably to use a better session store such as redis. An example of sharing sessions between node and PHP using redis can be found here.

mscdex
0

Okay. The cookie mechanism was created to communicate with different environments. Let's use it.

PHP:

Validate the user data, save it into the DB, and then save the ID to cookies.

NodeJS:

Read that ID from the cookies and get the data from the DB (MySQL provider for Node.js).

Max
  • I had that approach in mind, but what stops a user from modifying the cookie, setting the ID to another user's, and using his identity to chat? – arleitiss Oct 13 '14 at 00:01
  • Then you need a more advanced way -- tokens. Set an ID and a token (a SHA-1 hash, for example). Store both of these in the DB and then try to find an entry equal to it. A hacker would have to use a brute-force attack (not dangerous) to hack this. You can even add an expiry time for tokens. – Max Oct 13 '14 at 00:04
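
Added example, not part of the thread: a Node.js sketch of the token approach from the comments above, where the chat side resolves the user from a server-issued token instead of trusting a user ID in the cookie. It swaps the suggested SHA-1 hash for a random token from `crypto.randomBytes` and stores only the token's SHA-256 hash. The `Map` standing in for a MySQL table, the cookie name `chat_token` and all function names are assumptions.

```javascript
const crypto = require('node:crypto');

// Stand-in (assumption) for a MySQL table:
//   chat_tokens(token_hash PRIMARY KEY, user_id, expires_at)
const tokenTable = new Map();

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Login side (PHP in the thread; Node here for illustration). Call this only
// after the password check succeeds. The raw token goes into the cookie;
// the database keeps just its hash, so a leaked table cannot be replayed.
function issueToken(userId, ttlMs, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
  tokenTable.set(sha256(token), { userId, expiresAt: now + ttlMs });
  return token;
}

// Pull one cookie value out of a raw Cookie header.
function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return rest.join('=');
  }
  return null;
}

// Chat side: map the Cookie header to a user ID, or null if it is missing,
// malformed, unknown or expired. The client never supplies the user ID.
function authenticate(cookieHeader, now = Date.now()) {
  const token = readCookie(cookieHeader, 'chat_token');
  if (!token || !/^[0-9a-f]{64}$/.test(token)) return null;
  const hash = sha256(token);
  const row = tokenTable.get(hash);
  if (!row) return null;
  if (row.expiresAt <= now) {
    tokenTable.delete(hash); // drop expired tokens on sight
    return null;
  }
  return row.userId;
}

// In a Socket.io server the header is available during the handshake:
//   io.use((socket, next) => {
//     const userId = authenticate(socket.handshake.headers.cookie);
//     if (userId === null) return next(new Error('unauthorized'));
//     socket.userId = userId;
//     next();
//   });
```

Setting the cookie with the `HttpOnly` and `Secure` attributes keeps the token away from page scripts and off plain HTTP connections.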