Sails.js authorization for socket requests
I found a way to get the session object which was set while socket.io handshaking.In your controller, you should do something like this:
myControllerAction: function(req, res) { var session = req.session; if (req.isSocket) { var handshake = req.socket.manager.handshaken[req.socket.id]; if (handshake) { session = handshake.session; } } //session now contains proper session object}
You can implement this in sails.js policy, and attach this policy to some controllers. But don't write you socket session into req.session
! Otherwise, you'll get an error trying to respond to the client (original req.session
is still used in some way). Instead, save it as req.socketSession
or something like that.
please send a JSONP request from your application before sending a socket request,that will create a cookie and accepts socket requests.
You can do your initial login over the socket.post() instead of XHR, subsequent socket requests will be authorized.