I'm trying to implement sessions in my node.js app which makes heavy use of socket.io. I'm struggling with this currently, and found a rather simple solution which recommends using the socket itself to store the session information. For example:

```js
socket.on('login', function(username) {
    if (loginSuccessful()) {
        // Mark this connection as authenticated
        socket.sessionID = generateSessionId();
    }
});

socket.on('logout', function(username) {
    // Clear the session marker on this connection
    socket.sessionID = null;
});
```

I am worried that such a simple solution wouldn't be secure; however, I'm not sure if there is any clear vulnerability this solution would have.

Alk
  • Possible duplicate of [socket.io and session?](https://stackoverflow.com/questions/4641053/socket-io-and-session) – tbking Jun 11 '18 at 19:44
  • I've seen that before, this isn't the same thing - I'm asking about the vulnerabilities of a particular approach, not about how to use express and socket.io for session management (that's the complicated approach I'm trying to avoid) – Alk Jun 11 '18 at 19:45

0 Answers