I am currently using WebSockets within my PHP project [Ratchet, Symfony]. When a user gets logged in, he automatically gets connected to a channel within the websocket connection. I am able to push messages to the channel and to receive + display them on the client. So managing access to the websocket when connecting to it after login is no problem. Assuming we have the following case, I get a problem when it comes to authentication:
- User is logged in and has access to a channel
- User logs out on another tab or clears his cache
- Until the user reloads his page, he still gets the messages of the websocket channel.
I checked that the user, when using websockets and not AJAX, is still logged in on the websocket-side Symfony session. When I check the same using an AJAX demo request, the user is not logged in anymore. This is the main problem: the websocket session is not synchronized well with the Symfony session, because in the Symfony session the user is logged out, but on the websocket he is still logged in.
Initially, I tried the following to avoid the described scenario above:
- When a user gets a new message through the websocket channel, I first check by using a remote call procedure if the user is still logged in by sending a flag true or false from server (that's where the problem with the unsynchronized session occurs)
- When the flag is false, I unsubscribe the user from the channel
- When the flag is true, I process the callback of the websocket channel.
In general, I think this approach would be fine (?), but the problem I see is the unsynchronized session. How to synchronize it or force the websocket channel to check for the cookie / send it again when a push reaches it? How do you handle this kind of situation?
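The scenario in the question, as an added example that is not part of the original post and is not Ratchet or Symfony code: the push side re-reads the shared session storage before every delivery instead of trusting the state captured at the WebSocket handshake. `SessionStore`, `Subscriber`, `Channel` and the session id are hypothetical stand-ins, and the sketch assumes the WebSocket process can read the same session storage the HTTP side writes to.

```php
<?php
// Added illustration: hypothetical classes, not Ratchet or Symfony APIs.

// Stand-in for the session storage the HTTP application writes to.
final class SessionStore {
    private array $sessions = [];
    public function login(string $sid, string $user): void { $this->sessions[$sid] = ['user' => $user]; }
    public function logout(string $sid): void { unset($this->sessions[$sid]); }
    public function currentUser(string $sid): ?string { return $this->sessions[$sid]['user'] ?? null; }
}

// One WebSocket client; sid and user are what the handshake cookie resolved to.
final class Subscriber {
    public array $received = [];
    public function __construct(public string $sid, public string $user) {}
}

final class Channel {
    private array $subscribers = [];
    public function __construct(private SessionStore $store) {}

    public function subscribe(Subscriber $s): bool {
        if ($this->store->currentUser($s->sid) !== $s->user) { return false; }
        $this->subscribers[spl_object_id($s)] = $s;
        return true;
    }

    // Server-side check on every push: handshake-time state is never trusted.
    public function broadcast(string $msg): int {
        $delivered = 0;
        foreach ($this->subscribers as $key => $s) {
            if ($this->store->currentUser($s->sid) !== $s->user) {
                unset($this->subscribers[$key]); // session ended elsewhere: drop subscriber
                continue;
            }
            $s->received[] = $msg;
            $delivered++;
        }
        return $delivered;
    }
}

// Constructed scenario: login, subscribe, then logout from another tab over HTTP.
$store = new SessionStore();
$store->login('sid-constructed-1', 'alice');
$tab = new Subscriber('sid-constructed-1', 'alice');
$channel = new Channel($store);
$channel->subscribe($tab);
$channel->broadcast('before logout');
$store->logout('sid-constructed-1');
$channel->broadcast('after logout');
print_r($tab->received);
```

Because the check runs on the server before delivery, a client that never reloads or never issues the login-status call still stops receiving messages once its session is gone.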