Node.js, ws and express-session : how to get session object from ws.upgradeReq

Ok, I've found an undocumented way studying the source code of express-session.

First of all you need cookie and cookie-parser as your dependency.

so, import the modules

var cookie = require('cookie');var cookieParser = require('cookie-parser')

Then, the trick is to decode the signed cookie in the ws "connection" event handler that is when there is the websocket handshake.First of all you need to decode from the cookie the connect.sid that is the session id (only if you are using express-session for the session management)

wss.on('connection', function connection(ws) {    var cookies=cookie.parse(ws.upgradeReq.headers.cookie);    var sid=cookieParser.signedCookie(cookies["connect.sid"],secret);    ...

TAke care that the secret is the same that you have set for the signature in express-session (that is in app.use(session({secret: secret, resave: true, saveUninitialized: true, cookie: {},store:store})); )At this point you have the sessoinID in sid, the you want to get the Session Object from express-session, that is passed you asyncronously from the store ( there are many, read the doc, at the moment I've tested only with the MemoryStore of express-session).

In order to get the session then use this code, right after the lines above

...store.get(sid,function(err, ss){        store.createSession(ws.upgradeReq,ss)    });

the callback function will give you the session object (ss) directly from the store but it is alone and without methods ( is just a deserialized JSON). So for this reason we use again the store.createSession to which we pass the upgradeReq and the ss object, in this way I have a session object that has all the documented methods ( so I can also modify the session from ws callbacks).

The new session object is available in:

ws.upgradeReq.session

Take care:The session object is not available until the store asyncronously return the ss object, so it would be a good practise to complete the websocket event bindings ( like on('message',...)inside the callback passed to the store.get.

This is the complete code:

wss.on('connection', function connection(ws) {    var location = url.parse(ws.upgradeReq.url, true);    //get sessionID    var cookies = cookie.parse(ws.upgradeReq.headers.cookie);    var sid = cookieParser.signedCookie(cookies["connect.sid"], secret);    //get the session object    store.get(sid, function (err, ss) {        //create the session object and append on upgradeReq        store.createSession(ws.upgradeReq, ss)        //setup websocket bindings        ws.on('message', function incoming(message) {            console.log('received: %s', message);            //..........        });    });});

SO, now you can manage session data using ws and express-session together.

I hope it will help!

I just found out that at version 3.0.0 upgradeReq was removed from WebSocket. A workaround for existing code of alexroat:

wss.on('connection', function connection(ws, req) {    ws.upgradeReq = req;    var location = url.parse(ws.upgradeReq.url, true);    //get sessionID    var cookies = cookie.parse(ws.upgradeReq.headers.cookie);    var sid = cookieParser.signedCookie(cookies["connect.sid"], secret);    //get the session object    store.get(sid, function (err, ss) {        //create the session object and append on upgradeReq        store.createSession(ws.upgradeReq, ss)        //setup websocket bindings        ws.on('message', function incoming(message) {            console.log('received: %s', message);            //..........        });    });});