SocketStream 0.3 alpha3 released - share sessions between websockets and HTTP / Connect apps

[Owen B]

After a very productive week SocketStream 0.3 (alpha3) has just been pushed to Github.

Full changelog here: https://github.com/socketstream/socketstream/blob/master/HISTORY.md

This is a major step forward towards a stable release, bringing with it a killer new feature: the ability to share sessions between HTTP (Connect apps) and Websockets for the first time.

This long-awaited feature means it's now trivial to add HTTP-based authentication, such as Facebook Connect, Twitter OAuth and much more, to your app with the help of libraries such as Everyauth. See documentation here: https://github.com/socketstream/socketstream/blob/master/doc/guide/en/authentication.md

This change also provides a perfect foundation for us (or others) to build RESTful APIs, handle file uploads, and other HTTP enhancements in the future. This has been achieved by using the Connect Session Store in SocketStream instead of our own custom implementation. This has the fortunate side effect that any Connect Session Store (e.g. connect-redis or connect-riak) can now be used with SocketStream.

Alpha3 also means a few breaking changes as we move towards an API which feels better to work with. The biggest change is around websocket middleware. Middleware files are now defined in /server/middleware as we intend to make this available to other websocket responder types (think models) in the future.

To upgrade your existing 0.3 project to the new format just run this line in your shell:

mv server/rpc/middleware server && mv server/rpc/actions/* server/rpc/ && rm -d server/rpc/actions

The websocket middleware API has also been changed to make it easier to work with. See https://github.com/socketstream/socketstream/blob/master/doc/guide/en/websocket_middleware.md for full details and to see how to update your code and use this powerful feature.

0.3 Documentation is still sparse, but is sporadically starting to appear in https://github.com/socketstream/socketstream/blob/master/doc/guide/en

Many thanks to nponeccop and mindeavor for contributing greatly to this release.

Owen

[Dirk Dressel]

Hi Owen,
I tried out the following example:

https://github.com/socketstream/socketstream/blob/master/doc/guide/en/authentication.md

Authenticating using HTTP

Problem
ss.rpc('app.getCurrentUser') just returns 'undefined' after visiting
http://localhost:3000/authenticateMe

comenting out: req.use('session'); and executing 'app.getCurrentUser'
again
will now return 'The current user is ' - but of course complains
about undefined req.session, which is due to the missing session

Am I missing something?

I git cloned alpha3
and did all the necessary install work.


as a side note:

// server/rpc/actions/app.js
-> should be
//server/rcp/app.js

exports.actions = function(req, res, ss){

// tell SocketStream to load session data
req.use('session');

return {

getCurrentUser: function(){
res('The current user is ' + req.session.userId);
}

}
};

[Owen B]

Hi Dirk

The 'session' middleware is designed to drop incoming requests altogether if no session can be found in the DB (or internal memory). This explains why you didn't get any response to the ss.rpc('app.getCurrentUser') request (undefined is the return value from the ss.rpc() call), of course it doesn't explain why no session was found.

After trying the example code on different browsers, I eventually managed to reproduce this error after setting the ss.session.options.maxAge value to a very low setting (10 seconds) and waiting for the cookie to expire. This brings up the issue of how we should handle expiring session as silently dropping traffic is not the answer. There is more work to do here.

For now, after giving things more thought and better understanding what the maxAge value does (it persists the same cookie even if you close the browser), I've decided to remove the 30 day default so a session now last until the user closes the browser - which makes a lot more sense I think.

Please update to the latest version and try again. It should definitely work now. If not please open an issue on github and we'll figure it out.

Docs fixed now too. Thanks.

Owen

[Dirk Dressel]

Hi Owen,

now it works. I git cloned the newest version.

But I had to delete old cookies first to get it to work though.


https://github.com/socketstream/socketstream/issues/140

The chat example works too. But only after deleting old cookies.

[Dirk Dressel]

One more thing:

In my app I had to call req.use('session') before calling
req.use('admin.user.checkAuthenticated')
Otherwise 'admin.user.checkAuthenticated' doesnt know about
req.session.

exports.actions = (req, res, ss) ->

req.use('session')
req.use('admin.user.checkAuthenticated')

###

This should be clarified in the docs:

https://github.com/socketstream/socketstream/blob/master/doc/guide/en/websocket_middleware.md

[Owen B]

Hi Dirk

I'm glad it's working for you now. I'm going to investigate the cookie issue a bit more as I have an idea why this is happening. For now, if anyone has problems, please clear your cookies and try again.

Thanks for the tip on the docs. I've amended them now.

Owen

[Owen B]

Just to confirm, the session cookies bug was fixed yesterday and pushed to Github. It only presented a problem if you had more than one cookie set which is why it was difficult to catch.

The cause was a mixup over two very similar methods in Javascript:

http://nathanhoad.net/javascript-difference-between-substr-and-substring

Got to love JS sometimes :P

Owen

[Gilbert B Garza]

Wow, I didn't even know javascript had a second substring method. That's dirty.

Gilbert