17

I'm pretty sure this is a simple question, but I have no idea where the socket.io docs are and the ones at http://labs.learnboost.com/socket.io/ don't really help.

So let's say I have a socket.io http server and have written a website to connect to it.

  1. How do I provide protection to the server so that unauthorized people (people who connected not through the website) will be blocked/dropped/banned?

  2. How do I end a socket connection on the server side? So if I have

    io.sockets.on('connection', function (socket) {
      socket.on('end', function() {
        var i = global_sockets_list.indexOf(socket);
        global_sockets_list.splice(i, 1);
      });

      socket.emit('end'); // Doesn't work, just sends data
      socket.end(); //error

    });
    

How do I end a socket connection? (The connect then disconnect above is for testing)

Derek
  • How are people connecting in an unauthorized fashion? I am working with socket.io and was curious to make sure the web server with socket.io is secured. – j10 Dec 04 '15 at 14:01

2 Answers

19

Try calling:

    socket.disconnect('unauthorized');

or

    socket.close();

EDIT: You might be able to check the referer header. Look at Socket.io Security Issues for more info.

Femi
  • 3
    socket.close() doesn't work, but socket.disconnect() did. THX, btw do u know where the full documentation for socket.io is? – Derek Sep 20 '11 at 23:43
  • There really isn't any good detailed documentation beyond the wiki (see https://github.com/LearnBoost/socket.io/wiki). In my case I open up the socket.io source code and look for suitably named functions (like `disconnect` or `close` :)). – Femi Sep 20 '11 at 23:57
  • Do you know the answer to my question part 1? – Derek Sep 21 '11 at 00:09
  • There is additional documentation here https://github.com/socketio/socket.io/blob/master/lib/client.js#L108-L122 – Harry Mumford-Turner Jul 12 '18 at 21:55
13

On the server side there is a socket.disconnect method that takes a boolean meaning close the underlying transport connection. Here's the source code with docs as of July 2010:

    /**
     * Disconnects this client.
     *
     * @param {Boolean} if `true`, closes the underlying connection
     * @return {Socket} self
     * @api public
     */

    Socket.prototype.disconnect = function(close){
      if (!this.connected) return this;
      if (close) {
        this.client.disconnect();
      } else {
        this.packet({ type: parser.DISCONNECT });
        this.onclose('server namespace disconnect');
      }
      return this;
    };

So you should call socket.disconnect(true);

Peter Lyons
  • 4
    Upvote for this one because while `'unauthorized'` works, it works because it's _truthy_; this is the more appropriate way of using the `disconnect` function. – Shibumi Nov 11 '16 at 20:04
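
Added example (not code from the question or either answer): one way to combine the origin check suggested in the first answer with `socket.disconnect(true)` from the second. Because a non-browser client can send any Origin or Referer value, the check also requires an HMAC-signed, expiring token that the website's backend hands to the page. The allowed origin, the secret, the `token` query field and all function names are assumptions made for this example.

```javascript
const crypto = require('crypto');

// Constructed values for this example; replace both in a real deployment.
const ALLOWED_ORIGINS = new Set(['https://www.example.com']);
const SECRET = 'placeholder-server-side-secret';

function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('hex');
}

// Called by the website's backend when it serves the page (hypothetical helper).
// userId must not contain '.', which separates the token fields.
function issueToken(userId, ttlMs, now = Date.now()) {
  const payload = `${userId}.${now + ttlMs}`;
  return `${payload}.${sign(payload)}`;
}

// Returns null if the handshake is acceptable, otherwise the reason it is not.
function rejectReason(handshake, now = Date.now()) {
  const origin = handshake.headers && handshake.headers.origin;
  // Only keeps other sites' pages out: a script can send any Origin it likes.
  if (!ALLOWED_ORIGINS.has(origin)) return 'bad origin';
  const token = String((handshake.query && handshake.query.token) || '');
  const parts = token.split('.');
  if (parts.length !== 3) return 'malformed token';
  const [userId, expires, mac] = parts;
  const given = Buffer.from(mac);
  const expected = Buffer.from(sign(`${userId}.${expires}`));
  // Length check first: timingSafeEqual throws on buffers of unequal length.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'bad signature';
  }
  if (!/^\d+$/.test(expires) || Number(expires) <= now) return 'expired token';
  return null;
}

// Connection handler body: drop the client and close the transport on failure.
function guard(socket, now = Date.now()) {
  const reason = rejectReason(socket.handshake, now);
  if (reason) socket.disconnect(true);
  return reason;
}
```

To use it with the handler from the question, call `guard(socket)` as the first statement inside `io.sockets.on('connection', function (socket) { ... })`.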