Closed simplesmiler closed 9 years ago
Now that I think of it, better way to solve this would be to carry the cookie name with `#removeAuthToken`.
@simplesmiler I'm making some big changes to authentication. It will be localStorage-oriented by default (instead of using cookies), and it will be fully customizable on both client and server - You will be able to provide a custom auth engine to do custom signing/verification on the server and custom loading/saving on the client - All custom functions will be asynchronous as you suggested.
I've had to make some structural changes to make it work, but I think it will be worth it. There might be one small API change - It will be a bit simpler.
It's practically ready, but I want more time to test because it's quite a significant change overall. It will fix the issue you mentioned here.
This has been fixed in https://github.com/SocketCluster/socketcluster-client/issues/9
Thanks for your feedback and recommendations. They were really useful :)
From lib/scsocket.js:

The only place where `this._tokenData` gets set is the `#setAuthToken` handler. But when the user reconnects (and provides token via cookie or by other means), the only received message is `#status`, so `this._tokenData` never gets set.

As far as I can tell, `this._tokenData` is required by the `#removeAuthToken` handler purely because it contains the cookie name. I guess this name should also be sent with the `#status` message to resolve the issue described above.
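The reconnect case from this issue and the suggestion to carry the cookie name with `#removeAuthToken`, modelled as an added example (not code from the thread or from SocketCluster). The class name, the `cookieName` payload field, the `Map` standing in for the cookie store, and the choice to skip deletion when the name is unknown are all assumptions.

```javascript
// Simplified model of the client-side handlers described in the issue.
// Hypothetical names throughout; this is not lib/scsocket.js.
class ModelSocket {
  constructor(cookies, { nameFromMessage = false } = {}) {
    this.cookies = cookies;                 // Map standing in for the cookie store
    this.nameFromMessage = nameFromMessage; // true = name travels with #removeAuthToken
    this._tokenData = null;                 // set only by #setAuthToken, as in the issue
    this.isAuthenticated = false;
  }

  handle(event, data = {}) {
    if (event === '#setAuthToken') {
      this._tokenData = data;               // assumed shape: { cookieName, token }
      this.cookies.set(data.cookieName, data.token);
    } else if (event === '#status') {
      // Reconnect path: auth state is reported, but _tokenData stays untouched.
      this.isAuthenticated = data.isAuthenticated;
    } else if (event === '#removeAuthToken') {
      // Original behaviour: the cookie name is known only through _tokenData.
      // Suggested behaviour: the name is read from the message itself.
      const name = this.nameFromMessage
        ? data.cookieName
        : this._tokenData && this._tokenData.cookieName;
      if (name) this.cookies.delete(name);
      this._tokenData = null;
      this.isAuthenticated = false;
    }
  }
}

// Constructed scenario: a token cookie survives from an earlier session, the
// client reconnects and receives only #status, then the server revokes the token.
function tokenLeftAfterRevocation(nameFromMessage) {
  const cookies = new Map([['authToken', 'constructed.sample.token']]);
  const socket = new ModelSocket(cookies, { nameFromMessage });
  socket.handle('#status', { isAuthenticated: true });
  socket.handle('#removeAuthToken', { cookieName: 'authToken' });
  return cookies.has('authToken');
}

console.log('name via _tokenData, stale token kept:', tokenLeftAfterRevocation(false));
console.log('name in message, stale token kept:', tokenLeftAfterRevocation(true));
```

In the first run the revoked token stays in client storage after the server asked for its removal, which is the state a logout or revocation check should look for after a reconnect.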