heroku-python / flask-sockets

[DEPRECATED] Alternative: https://github.com/miguelgrinberg/flask-sock
MIT License

add support for cookies in the websocket #31

Closed robertaistleitner closed 7 years ago

robertaistleitner commented 8 years ago

If cookies are used for session handling, please note that you have to persist your session manually.

Something like self.app.save_session(session, make_response("")) after messages are received does the trick.

kennethreitz commented 8 years ago

Hmmm, interesting. I hadn't thought (or heard) of websockets+cookies, since the emphasis is on the connection, not the request itself.

Do you have any links to other people using this pattern?

robertaistleitner commented 8 years ago

Nope, I haven't heard of other people doing this - but to be honest I didn't research a lot on it. I just found your library very useful and had the need to reuse existing (authenticated) sessions from XHR calls also done via Flask, so I just researched whether it's even possible to use cookies with websockets.

As I found out, websockets can also use cookies, and now I'm able to use existing authentication methods, which is fine.

soasme commented 8 years ago

Another Flask websocket extension, Flask-SocketIO, maintains a copy of flask.session for each client, which will be modified when flask.session is manipulated.

But I doubt whether it is appropriate in this library, since Flask-Sockets cares more about routing issues. Maybe you can wrap your view functions with a login_required decorator in your application?

robertaistleitner commented 8 years ago

My idea was to make it possible to use websockets AND ordinary XHR requests to the same server and handle the session management only once. Now it's possible for me to log in either with an XHR call or with a Websocket RPC.

If there's no need to put it in this library, it's totally fine for me. Maybe it's just my use case where this makes sense.

PS @soasme: I use such a login_required decorator, but on an RPC method level, which checks the session for authentication.

It's a little hard to explain, but I hope you can get my point.
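
The RPC-level `login_required` check discussed in this thread, as an added example (not code from Flask-Sockets or from any commenter). A plain dict stands in for `flask.session`, and the method names, user store and JSON message shape are assumptions; the returned `changed` flag marks the point where the caller would have to persist the session manually.

```python
import functools
import hmac
import json

class AuthError(Exception):
    """Raised when a call is not allowed for the current session."""

def login_required(method):
    """Reject the RPC call unless the session carries an authenticated user."""
    @functools.wraps(method)
    def wrapper(session, params):
        if not session.get("user_id"):
            raise AuthError("login required")
        return method(session, params)
    return wrapper

# Constructed user store for the example; a real app would verify a password hash.
USERS = {"alice": "correct horse"}

def rpc_login(session, params):
    user, password = params.get("user"), params.get("password")
    expected = USERS.get(user) if isinstance(user, str) else None
    if expected is None or not isinstance(password, str) or \
            not hmac.compare_digest(expected.encode(), password.encode()):
        raise AuthError("bad credentials")
    session["user_id"] = user  # session modified: must be persisted by the caller
    return "ok"

@login_required
def rpc_whoami(session, params):
    return session["user_id"]

METHODS = {"login": rpc_login, "whoami": rpc_whoami}

def handle_message(session, raw):
    """Dispatch one websocket text frame; returns (reply_json, changed)."""
    before = dict(session)
    try:
        msg = json.loads(raw)
        result = METHODS[msg["method"]](session, msg.get("params", {}))
        reply = {"result": result}
    except AuthError as exc:
        reply = {"error": str(exc)}
    except (ValueError, KeyError, TypeError, AttributeError):
        reply = {"error": "bad request"}
    # changed=True is where the cookie-backed session needs saving
    return json.dumps(reply), session != before
```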

kennethreitz commented 7 years ago

@robertaistleitner can you send another pull request adding some documentation for this?