jfromaniello / passport.socketio

access passport.js authenticated user information from socket.io connection

Socket.IO 1.0 cors not work #95

Open shellka opened 9 years ago

shellka commented 9 years ago

Hello. If we are using the query to set session_id, we should parse it like a signed cookie. query: 'session_id=' + readCookie('your.sid-key') - we have the secured sid there, and on the server side we also have it secured: (data._query && data._query.session_id)

jfromaniello commented 9 years ago

We don't support sending the cookie in the querystring, but the session_id. Feel free to send a PR handling a querystring like ?cookie=x.

I would be ok with adding support for this, although I think it is not good practice to do this.

If you need support for CORS, I would rather use JWT:

https://auth0.com/blog/2014/01/15/auth-with-socket-io/

fenwick67 commented 9 years ago

The Readme.md section on the CORS workaround basically says "send the cookie".

socket = io.connect('//' + window.location.host, {
  query: 'session_id=' + readCookie('your.sid-key')
});

But really, you need to send the session ID. This is working client-side code:

socket = io.connect('//' + window.location.host, {
  // express-session stores the cookie as "s:<sid>.<signature>";
  // drop the "s:" prefix and the ".<signature>" suffix to get the bare sid
  query: 'session_id=' + readCookie('your.sid-key').replace('s:','').split('.')[0]
});

Also on the server side you have to make sure to configure express-session to not use HttpOnly cookies, otherwise the JS on your client can't read the cookie. You may want to put that in the readme as well.

app.use(session({
  secret: mySecret,
  // httpOnly: false so the client-side JS above can read the cookie
  cookie: { maxAge: resetTime, httpOnly: false },
  key: 'your.sid-key',
  store: sessionStore
}));

EdiHadzic commented 3 years ago

Thanks, this answer helped me. I also noticed some performance issues when using io.connect('//' + window.location.host, ...); it is much better performance-wise to change it to an actual link like io.connect("http://localhost:5000", {...}).

EdiHadzic commented 3 years ago

Also, for some reason I couldn't log out when using io.connect('//' + window.location.host, ...); my store wasn't getting updated, but changing to localhost fixed it.