1

I'm using Socket.IO in Node.js, and need a system to authenticate users connecting through websockets. The both key questions are, how to:

1) get the information to the server about who is connecting via Socket.IO

2) authenticate who they say they are

Basically, my question is exactly similar to this question, but as nearly 4 years have past since the question was answered, I wanted to make sure if this is still best - practice. Another answer on the question posted at the beginning of this year is about using tokens, so what would be the way to go for a new application?

Community
  • 1
  • 1
baao
  • 71,625
  • 17
  • 143
  • 203
  • 1
    possible duplicate of [Socket.IO Authentication](http://stackoverflow.com/questions/4753957/socket-io-authentication) – generalhenry Dec 09 '14 at 23:14
  • @generalhenry I'm not sure if you have seen it, but the question is 4 years old, as I have mentioned in my question. I am looking for an answer according to modern development. – baao Dec 09 '14 at 23:29
  • 1
    I took a look. The answers there all look just as good today as they looked back then. – generalhenry Dec 09 '14 at 23:30
  • So what do you recommend? Token or cookie? ( What the actual question is about ) @generalhenry – baao Dec 09 '14 at 23:32
  • A cookie is a token, just one that gets some special treatment by the browser. The important part is how you authenticate your token once it comes down the websocket (which is where solutions such as redis or jwt come in). – generalhenry Dec 10 '14 at 00:55

0 Answers0