{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 该账号已被封号 的问题《Sails.js authorization for socket requests》','https://www.manongdao.com/q-566012.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm trying to build a chat application based on sails.js. The url for messages from a specific chat looks like this:
/api/chat/:id/messages
When I request this url with XHR, it provides a session cookie and sails.js builds a session object. I can easily check user rights to read the messages from the specific chat.
However, I need to request this url with socket.io so that the client can subscribe to all future changes of the messages collection.
When I request this url with socket.io, no session cookie is set and the sails.js session is empty. So, I cannot check the user rights on the server-side.
I do understand that socket requests are not HTTP-requests. They don't provide any cookies on their own.
Is there any simple workaround?
alevkon,in the above mentioned method you have to implement the same in all the controllers,because you don't know which controller is accessed for the first time...but by sending just one jsonp request you can create a cookie between client and server,the same cookie is used until the next session.
please send a JSONP request from your application before sending a socket request,that will create a cookie and accepts socket requests.
I found a way to get the session object which was set while socket.io handshaking. In your controller, you should do something like this:
You can implement this in sails.js policy, and attach this policy to some controllers. But don't write you socket session into
req.session! Otherwise, you'll get an error trying to respond to the client (originalreq.sessionis still used in some way). Instead, save it asreq.socketSessionor something like that.You can do your initial login over the socket.post() instead of XHR, subsequent socket requests will be authorized.