Hi,
I want to do an authentication step on the server when the connection is established but I've run into a few problems.
The documentation for SockJSConnection.on_open states "If you return False, connection will be rejected. You can also throw Tornado HTTPError to close connection." However, a quick look at the call site in session.py:110 shows that at least the first part isn't true and empirically the second half does not seem true, either.
def verify_state(self):
"""Verify if session was not yet opened. If it is, open it and call connections `on_open`"""
if self.state == CONNECTING:
self.state = OPEN
self.conn.on_open(self.conn_info)
When I found that the above approach didn't work, I tried sending a message to the client to inform it of the authentication error and then closing the connection in on_open. The problem is that for some transports the message will never get sent because the message will be queued (because handler.active is set to False in handler.send_pack() before SockJSConnection.on_open() is called) and the queue is not flushed on close.
Is there a better way to handle authentication before the connection is set up besides doing a full authentication handshake?
Thanks,
Zev