SocketCluster / socketcluster-client

JavaScript client for SocketCluster
MIT License

Token does not get removed if it was not set during connection #10

Closed simplesmiler closed 9 years ago

simplesmiler commented 9 years ago

From lib/scsocket.js:

... else if (eventName == '#removeAuthToken') {
  if (this._tokenData) {
    this._setCookie(this._tokenData.cookieName, null, -1);
    Emitter.prototype.emit.call(this, 'removeAuthToken');
  }
  var response = new Response(this, obj.cid);
  response.end();
} ...

The only place where this._tokenData gets set is the #setAuthToken handler. But when the user reconnects (and provides the token via cookie or by other means), the only received message is #status, so this._tokenData never gets set.

As far as I can tell, this._tokenData is required by the #removeAuthToken handler purely because it contains the cookie name. I guess this name should also be sent with the #status message to resolve the issue described above.

simplesmiler commented 9 years ago

Now that I think of it, a better way to solve this would be to carry the cookie name with #removeAuthToken.
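
The reconnect case described in the two comments above, as an added example that is not part of the thread and not the project's code: a small model of the handlers in which the token cookie survives #removeAuthToken after a reconnect, next to the variant where the event carries the cookie name. The cookie store object, the `COOKIE` name, `makeClient` and `cookiesAfter` are assumptions made for the illustration.

```javascript
// Model of the client-side auth handlers discussed in this issue (constructed for illustration).
// `jar` stands in for the browser cookie store; COOKIE is a placeholder cookie name.
const COOKIE = 'exampleAuthToken';

function makeClient(jar, nameFromEvent) {
  return {
    _tokenData: null,
    handle(eventName, data) {
      if (eventName === '#setAuthToken') {
        this._tokenData = data;
        jar[data.cookieName] = data.token;
      } else if (eventName === '#status') {
        // Reconnect: the token came from the cookie, so _tokenData stays null.
      } else if (eventName === '#removeAuthToken') {
        // Behaviour from the issue: the cookie name is only known via _tokenData.
        let name = this._tokenData ? this._tokenData.cookieName : null;
        // Suggested variant: the event itself carries the cookie name.
        if (nameFromEvent && data && data.cookieName) name = data.cookieName;
        if (name) delete jar[name];
        this._tokenData = null;
      }
    }
  };
}

// Replays a list of [eventName, data] pairs and returns the cookies left afterwards.
function cookiesAfter(events, nameFromEvent, initialJar) {
  const jar = Object.assign({}, initialJar);
  const client = makeClient(jar, nameFromEvent);
  for (const [name, data] of events) client.handle(name, data);
  return Object.keys(jar);
}

const stale = { [COOKIE]: 'constructed-token-value' }; // cookie left by an earlier session
const sameSession = [['#setAuthToken', { cookieName: COOKIE, token: 't' }], ['#removeAuthToken']];
const reconnect = [['#status', {}], ['#removeAuthToken', { cookieName: COOKIE }]];

console.log(cookiesAfter(sameSession, false, {}));   // token set and removed in one session
console.log(cookiesAfter(reconnect, false, stale));  // reconnect, name only via _tokenData
console.log(cookiesAfter(reconnect, true, stale));   // reconnect, name carried by the event
```

A token cookie that outlives a server-initiated removal is sent again on the next connection, so a regression test for deauthentication should cover the reconnect sequence as well as the same-session one.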

jondubois commented 9 years ago

@simplesmiler I'm making some big changes to authentication. It will be localStorage-oriented by default (instead of using cookies), and it will be fully customizable on both client and server - You will be able to provide a custom auth engine to do custom signing/verification on the server and custom loading/saving on the client - All custom functions will be asynchronous as you suggested.

I've had to make some structural changes to make it work, but I think it will be worth it. There might be one small API change - It will be a bit simpler.

It's practically ready, but I want more time to test because it's quite a significant change overall. It will fix the issue you mentioned here.

jondubois commented 9 years ago

This has been fixed in https://github.com/SocketCluster/socketcluster-client/issues/9

Thanks for your feedback and recommendations. They were really useful :)