Use session data on websocket handshake

Problem description

If a logged in user navigates to a certain area of the site which is to use WebSockets, How can I grab that session Id so I can identify him on the server?

My server is basically an endless while loop which holds information about all connected users and stuff, so in order to grab that id I figured the only suitable moment is at the handshake, but unfortunately the handshake's request headers contain no cookie data:

Request headers

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Cache-Control: no-cache
Connection: keep-alive, Upgrade
DNT: 1
Host: 192.168.1.2:9300
Origin: http://localhost
Pragma: no-cache
Sec-WebSocket-Key: 5C7zarsxeh1kdcAIdjQezg==
Sec-WebSocket-Version: 13
Upgrade: websocket
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0

So how can I really grab that id? I thought I could somehow force JavaScript to send cookie data along with that request but any self-respecting website in 2014 will have httpOnly session cookies so that won't work out. Any help is greatly appreciated!

Here's a link for the server I'm using: https://github.com/Flynsarmy/PHPWebSocket-Chat/blob/master/class.PHPWebSocket.php (thanks to accepted answer)

Recommended answer

HTTP-only cookies as well as secure cookies work fine with websocket.

Some websocket modules have chosen to ignore cookies in the request, so you need to read the specs of the module.

Try: websocket node: https://github.com/Worlize/WebSocket-Node.

Make sure to use the secure websocket protocol as wss://xyz.com

Also, Chrome will not show the cookies in the "inspect element" Network tab.

In node try dumping the request, something like:

 wsServer.on('request', function(request) {
   // Dump the whole handshake request, then just the parsed cookies
   console.log(request);
   console.log(request.cookies); // works in websocket node
 });

If you see the cookies somewhere in the log...you've got it.

If you're using secure-only cookies, you need to be in secure web sockets: wss://

The cookies are passed in the initial request. Chrome does not show it (all the time) as sometimes it shows provisional headers which omit cookie information.

It is up to the websocket server to do 'something' with the cookies and attach them to each request.

Looking at the code of your server: https://github.com/Flynsarmy/PHPWebSocket-Chat/blob/master/class.PHPWebSocket.php I do not see the word "cookie" anywhere, so it is not being nicely packaged and attached to each websocket connection. I could be wrong, that's why you might want to contact the developer and see if the whole header is being attached to each connection and how to access it.

This I can say for certain: If you're using secure cookies then cookies will not be transmitted unless you use the secure websocket wss://mysite.com. Plain ws://mysite.com will not work.

Also, cookies will only be transmitted in the request if the domain is the same as the webpage.
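
Added example, not part of the original answer or of the PHPWebSocket code: for a server that reads the raw handshake itself, as the question's does, this parses the request headers, checks Origin and extracts the session id from the Cookie header. The cookie name PHPSESSID, the allowed-origin list, the session id format and the sample request are assumptions.

```javascript
// Added example (not from the page). Assumed: cookie name PHPSESSID, the
// allowed-origin list, the session id format, and the constructed SAMPLE.
function parseHandshakeHeaders(raw) {
  const headers = Object.create(null);
  const lines = raw.split('\r\n\r\n')[0].split('\r\n').slice(1); // skip request line
  for (const line of lines) {
    const i = line.indexOf(':');
    if (i <= 0) continue;
    const name = line.slice(0, i).trim().toLowerCase(); // names are case-insensitive
    const value = line.slice(i + 1).trim();
    const sep = name === 'cookie' ? '; ' : ', ';
    headers[name] = name in headers ? headers[name] + sep + value : value;
  }
  return headers;
}

function parseCookies(cookieHeader) {
  const jar = Object.create(null);
  for (const part of (cookieHeader || '').split(';')) {
    const i = part.indexOf('=');
    const name = i > 0 ? part.slice(0, i).trim() : '';
    if (!name || name in jar) continue; // first occurrence wins
    jar[name] = part.slice(i + 1).trim();
  }
  return jar;
}

// Returns the session id, or null when the handshake should be refused.
function sessionIdFromHandshake(raw, allowedOrigins, cookieName = 'PHPSESSID') {
  const h = parseHandshakeHeaders(raw);
  if ((h['upgrade'] || '').toLowerCase() !== 'websocket') return null;
  // A cookie alone does not say which page opened the socket, so check
  // Origin against an allow-list before trusting it.
  if (!allowedOrigins.includes(h['origin'])) return null;
  const sid = parseCookies(h['cookie'])[cookieName];
  // Assumed id format; validate before using it as a session-store key.
  return sid && /^[A-Za-z0-9,-]{22,256}$/.test(sid) ? sid : null;
}

// Constructed sample: the question's headers plus a made-up Cookie line.
const SAMPLE = [
  'GET / HTTP/1.1', 'Host: 192.168.1.2:9300', 'Origin: http://localhost',
  'Upgrade: websocket', 'Connection: keep-alive, Upgrade',
  'Sec-WebSocket-Key: 5C7zarsxeh1kdcAIdjQezg==', 'Sec-WebSocket-Version: 13',
  'Cookie: theme=dark; PHPSESSID=0123456789abcdef0123456789', '', '',
].join('\r\n');

console.log(sessionIdFromHandshake(SAMPLE, ['http://localhost']));
```

The returned id is only a lookup key: the server still has to load the matching session from its session store and confirm that it belongs to a logged-in user.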
