How to authenticate socket.io connection without underlying useragent to keep the cookies and persist the session

Question

I'm trying to test an app's socket.io which uses passport.socketio to authenticate the socket connection

var socket = require('socket.io-client')('http://localhost:' + app.PORT);

This does not work because there's no accompanying cookie.

Even if I get the cookie from a persisted superagent session

var cookie;
var agent = request.agent(app);
agent.post('/login').send('credentials').end(function(err, res) {
    cookie = res.req._headers.cookie;
});

where/how do I use it ?

I found that there are already quite a few requests for socket.io-client to add cookie support

http://github.com/LearnBoost/socket.io-client/issues/450
http://github.com/LearnBoost/socket.io-client/pull/439
http://github.com/LearnBoost/socket.io-client/issues/344

but I don't see them going anywhere.

Is there any other solution to use persistent cookie session with socket while testing?

laggingreflex laggingreflex · Accepted Answer · 2014-05-20T07:46:27

Cookie data could be passed using querystring

agent.post('/login').send('credentials').end(function(err, res) {
    cookie = res.req._headers.cookie.replace(/=/g, '%3D');   //escape '=' 
});

socket = require('socket.io-client')('http://localhost' + '/?cookie=' + cookie);

It becomes available in the server socket

io.set('authorization', function(handshakeData, callback){
    handshakeData._query.cookie;
});

And so it can be used to perform authorization. Since I was using passport.socketio, it plays nicely with a little change to check this query string instead of headers.

How to authenticate socket.io connection without underlying useragent to keep the cookies and persist the session

1 Answers