Closed robertaistleitner closed 7 years ago
Hmmm, interesting. I hadn't thought (or heard) of websockets+cookies, since the emphasis is on the connection, not the request itself.
Do you have any links to other people using this pattern?
Nope I haven't heard of other people doing this - but to be honest I didn't research a lot on it. I just found your library very useful and had the need to reuse existing (authenticated) sessions from XHR calls also done via flask, so I just researched on if it's even possible to use cookies with websockets.
As I found out websockets also can use cookies and now I'm able to use existing authentication methods, which is fine.
Another flask websocket extension Flask-SocketIO
maintains a copy of flask.session
for each client, which will be modified when flask.session
is manipulated.
But I doubt whether it is appropriate in this library, since Flask-Sockets cares more about routing issue.
Maybe you can wrap your view functions with a login_required
decorator in your application?
My idea was to make it possible to use websockets AND ordinary XHR requests to the same server and handling the session management only once. Now it's possible for me to either login with a XHR call or with a Websocket RPC.
If there's no need to put it in this library, it's totally fine for me. Maybe it's just my use case where this makes sense.
PS @soasme: I use such a login_required
decorator, but on a RPC method level, which checks the session for authentication.
It's a little hard to explain, but I hope you can get my point.
@robertaistleitner can you send another pull request adding some documentation for this?
if cookies are used for session handling, please note that you have to persist your session manually.
something like
self.app.save_session(session, make_response(""))
after messages are received does the trick.