socket.io and session?

This won't work for sockets going over the flashsocket transport (it doesn't send the server the needed cookies) but it reliably works for everything else. I just disable the flashsocket transport in my code.

To make it work, in the express/connect side, I explicitly define the session store so I can use it inside socket:

MemoryStore = require('connect/middleware/session/memory'),var session_store = new MemoryStore();app.configure(function () {  app.use(express.session({ store: session_store }));});

Then inside my socket code, I include the connect framework so I can use its cookie parsing to retrieve the connect.sid from the cookies. I then look up the session in the session store that has that connect.sid like so:

var connect = require('connect');io.on('connection', function(socket_client) {  var cookie_string = socket_client.request.headers.cookie;  var parsed_cookies = connect.utils.parseCookie(cookie_string);  var connect_sid = parsed_cookies['connect.sid'];  if (connect_sid) {    session_store.get(connect_sid, function (error, session) {      //HOORAY NOW YOU'VE GOT THE SESSION OBJECT!!!!    });  }});

You can then use the session as needed.

The Socket.IO-sessions module solution exposes the app to XSS attacks by exposing the session ID at the client (scripting) level.

Check this solution instead (for Socket.IO >= v0.7). See docs here.

I suggest not to entirely reinvent the wheel. The tools you need is already an npm package.I think this is what you need: session.socket.ioI am using it in these days and it will be very helpful I guess!! Linking the express-session to the socket.io layer will have so many advantages!