Session sharing between Websockets and HTTP

[Weber A.]

Hi,

we are sharing sessions between websocket and HTTP requests.

We see that in HTTP requests the connect.sid gets processed by cookie-parser and validated but during the websocket connection cookie-parser is not called.

The result is that the HTTP request sees a session ID like this:

UlTp92sLseIuSepPWpJr6RLPOip-SdBI

and the corresponding websocket session ID looks like this:

s%3AUlTp92sLseIuSepPWpJr6RLPOip-SdBI.z6gbo9fzFjCewBMPeoH4jen1ZgZOG7A0FQ2ZyVvsJgQ

This leads to problems as they are two separate sessions in the session store.

How can we solve this problem?

Thank you,
   Andreas

[Weber A.]

Small update:

we use connect-route for routing our HTTP requests. I've appended a middleware before the connect-route middleware to add session information to the request object.

To get the correct session, I do the following:

var sessionId = encodeURIComponent('s:'+signature.sign(req.session.id,socketstream.session.options.secret));
socketstream.session.find(sessionId, null, function(session) {

Is this the intended way to do this?

[Henrik Vendelbo]

I think we need to look closer at this. If you are on GitHub feel free to post an issue with this information.

On Tuesday, April 21, 2015 at 2:52:28 PM UTC+2, Weber A. wrote: