regarding client authentication
21 views
Skip to first unread message
GoliardWan
Sep 7, 2011, 8:26:25 AM9/7/11
to pywebsocket
Hi,
I build a apache+mod_pywebsocket environment just now. I'm a beginner
in websocket server development, I was wondering if I can use
something like "session" in C# in order to guarantee that each
connection in this application belongs to certain authenticated user
and "can't be" exploited by false user impersonation during the
connection? In other words, how could I implement login issue in
websocket server?
Thanks
I build a apache+mod_pywebsocket environment just now. I'm a beginner
in websocket server development, I was wondering if I can use
something like "session" in C# in order to guarantee that each
connection in this application belongs to certain authenticated user
and "can't be" exploited by false user impersonation during the
connection? In other words, how could I implement login issue in
websocket server?
Thanks
Takeshi Yoshino
Sep 7, 2011, 8:50:05 AM9/7/11
to pyweb...@googlegroups.com
I don't know much about ASP.NET's session, but you can use cookie on WebSocket as well as HTTP http://tools.ietf.org/html/rfc6265 to manage state between connections..
If your server passes some session token as a cookie to a browser, the browser sends it in WebSocket handshake to your server on the next visit.
Takeshi
GoliardWan
Sep 7, 2011, 9:26:41 AM9/7/11
to pyweb...@googlegroups.com
Many thanks for your solutions. I will find out how to save and check cookie's id with client using python code on server.
Reply all
Reply to author
Forward
0 new messages