I'm pretty sure this is a simple question, but I have no idea where the socket.io docs are and the one at http://labs.learnboost.com/socket.io/ don't really help.

So let's say I have a socket.io http server and written a website to connect to it.

1. How do I provide protection to the server so that unauthorized people(people who connected not through the website) will be blocked/dropped/banned.

2. How do I end a socket connection on the server side? So If I have

   io.sockets.on('connection', function (socket) {
   socket.on('end', function() {
       var i = global_sockets_list.indexOf(socket);
       global_sockets_list.splice(i, 1);
     });
   
     socket.emit('end'); // Doesn't work, just sends data
     socket.end(); //error
   
   });
   

How do I end a socket connection? (The connect then disconnect above is for testing)

Try calling:

socket.disconnect('unauthorized');

or

socket.close();

EDIT: You might be able to check the referer header. Look at Socket.io Security Issues for more info.

On the server side there is a socket.disconnect method that takes a boolean meaning close the underlying transport connection. Here's the source code with docs as of July 2010:

/**
 * Disconnects this client.
 *
 * @param {Boolean} if `true`, closes the underlying connection
 * @return {Socket} self
 * @api public
 */

Socket.prototype.disconnect = function(close){
  if (!this.connected) return this;
  if (close) {
    this.client.disconnect();
  } else {
    this.packet({ type: parser.DISCONNECT });
    this.onclose('server namespace disconnect');
  }
  return this;
};

So you should call socket.disconnect(true);