无法从Socket.IO的Cookie获取Express会话ID [英] Can't get Express session ID from cookies w/ Socket.IO

问题描述

我在Node中有一个典型的Web应用程序，它正在利用Express框架和会话中间件。我也在使用Socket.io的应用程序的某些动态部分（目前来说，这是一个聊天机制，但这是切向的）。我已经能够自己成功地设置会话和socket.io，但是想要组合它们（EG：将套接字聊天消息与用户帐户关联而不用打数据库）。

$应该注意（我可以看到这是一个可能的问题点），我在不同端口上运行两个快速服务器：一个用于常规HTTP流量，一个用于HTTPS流量。但是，我正在使两台服务器进行身份验证配置并共享相同的会话存储。会话在http和https页面之间对我来说是持续的。该会话最初是通过从HTTPS提供的页面设置的，而socket.io页面是vanilla HTTP。

我正在关注这里来实现我正在寻找的关于集成socket.io和会话的内容。但是，在授权功能中，尽管我的应用程序的基于会话的部分按预期工作，但始终没有设置data.headers.cookie。更奇怪的是，在设置会话后，如果我在浏览器中执行 console.log（document.cookie），我会得到一个空字符串，但是当我看在我的cookies与Firefox开发者工具栏，有一个SID cookie用于快速和连接。

这是服务器代码的相关部分：

  var config = {
 ip：127.0.0.1，
 httpPort：2031，
 httpsPort：2032 
}; 
 
 var utils = require（./ utils），
 express = require（'express'），
 fs = require（'fs'），
 parseCookie = require（'./ node_modules / express / node_modules / connect'）。utils.parseCookie，
 routes = require（'./ routes'）（config）; 
 
 var httpsOpts = {
 key：fs.readFileSync（cert / server-key.pem）toString（），
 cert：fs.readFileSync（cert / server-cert.pem）。toString（）
}; 
 
 var app = express.createServer（），
 https = express.createServer（httpsOpts），
 io = require（socket.io）listen（app， log：false}），
 helpers = require（./ helpers.js），
 session = new express.session.MemoryStore（），
 sessionConfig = express.session（{
 store：session，
 secret：'secret'，
 key：'express.sid'，
 cookie：{maxAge：60 * 60 * 1000} 
}） ; //通过http和https共享这个
 
 configServer（app）; 
 configServer（https）; 
 
 //获取使用带套接字的会话的SID 
 io.set（'authorization'，function（data，accept）{
 if（data.headers.cookie）{
 data.cookie = parseCookie（data.headers.cookie）; 
 data.sessionID = data.cookie ['express.sid']; 
} else {
 return accept（没有cookie发送，false）; 
} 
 
 accept（null，true）; 
}）; 
 
 io.sockets.on（'connection'，function（socket）{
 // pull out session information in here 
}）; 
 
 function configServer（server）{
 server.configure（function（）{
 server.dynamicHelpers（helpers.dynamicHelpers）; 
 server.helpers（helpers.staticHelpers ）; 
 server.set（'view options'，{layout：false}）; 
 server.set（'view engine'，'mustache'）; 
 server.set（'views '，__dirname +'/ views'）; 
 server.register（。mustache，require（'stache'））; 
 server.use（express.static（__ dirname +'/ public'） ）; 
 server.use（express.bodyParser（））; 
 server.use（express.cookieParser（））; 
 server.use（sessionConfig）; 
}）; 
} 
  

这里是客户端的相关代码：

 < script src =/ socket.io/socket.io.js\"></script> 
< script type =text / javascript> 
 $（document）.ready（function（）{
 var socket = io.connect（'http://127.0.0.1'）; //确保这不是localhost！
 socket.on（'server'，function（data）{
 //套接字逻辑在这里
}）; 
} 
< / script> 
  

更新

在使用SocketIO的页面的路由中手动（而不仅仅是会话变量）的cookie，请求的cookie部分仍然不存在。

解决方案

我从来没有想过这个，直到被告知要在客户端看初始化，我将地址从localhost更改为显式IP（127.0.0.1），并且cookies正在发送我不知道这是否明显，因为我认为localhost被映射到127.0.0.1。

I have a typical web application in Node that is utilizing the Express framework and the session middleware. I am also using Socket.io for certain dynamic parts of my application (currently, this is a chat mechanism, but that's tangential). I've been able to successfully set up sessions and socket.io on their own, but would like to combine them (EG: to associate socket chat messages with user accounts without hitting the database).

It should be noted (and I can see this being a possible issue point), I am running two express servers on different ports: one for regular HTTP traffic, and one for HTTPS traffic. However, I am having both servers undergo an idential configuration and share the same session store. Sessions do persist for me between http and https pages. The session is being set initially via a page served from HTTPS and the socket.io page is vanilla HTTP.

I'm following the guide located here to achieve what I am looking for regarding integrating socket.io and sessions. However, within the authorization function, data.headers.cookie is never set, despite the session-based portions of my application working as expected. What's more strange is that after setting a session, if I do a console.log(document.cookie) from within the browser, I get an empty string, but when I look at my cookies with the Firefox developer toolbar, there is an SID cookie for both express and connect.

Here is the relevant portion of the server code:

var config = {
    ip          : "127.0.0.1",
    httpPort    : 2031,
    httpsPort   : 2032
};

var utils       = require("./utils"),
    express     = require('express'),
    fs          = require('fs'),
    parseCookie = require('./node_modules/express/node_modules/connect').utils.parseCookie,
    routes      = require('./routes')(config); 

var httpsOpts = {
    key : fs.readFileSync("cert/server-key.pem").toString(),
    cert: fs.readFileSync("cert/server-cert.pem").toString()
 };

var app             = express.createServer(),
    https           = express.createServer(httpsOpts),
    io              = require("socket.io").listen(app, { log: false}),
    helpers         = require("./helpers.js"),
    session         = new express.session.MemoryStore(),
    sessionConfig   = express.session({
        store   : session,
        secret  : 'secret',
        key     : 'express.sid',
        cookie  : {maxAge : 60 * 60 * 1000}
    }); //share this across http and https

configServer(app);
configServer(https);

//get SID for using sessions with sockets
io.set('authorization', function(data, accept){
    if(data.headers.cookie){
        data.cookie = parseCookie(data.headers.cookie);
        data.sessionID = data.cookie['express.sid'];
    } else {
        return accept("No cookie transmitted", false);
    }

    accept(null, true);
});

io.sockets.on('connection', function(socket){
    //pull out session information in here
});

function configServer(server) {
    server.configure(function(){
        server.dynamicHelpers(helpers.dynamicHelpers);
        server.helpers(helpers.staticHelpers);
        server.set('view options', { layout: false });
        server.set('view engine', 'mustache');
        server.set('views', __dirname + '/views');
        server.register(".mustache", require('stache'));
        server.use(express.static(__dirname + '/public'));
        server.use(express.bodyParser());
        server.use(express.cookieParser());
        server.use(sessionConfig);
    });
}

And here's the relevant code on the client:

<script src="/socket.io/socket.io.js"></script>
<script type="text/javascript">
    $(document).ready(function(){
        var socket = io.connect('http://127.0.0.1'); //make sure this isn't localhost!
        socket.on('server', function(data){
            //socket logic is here
        });
    }
</script>

UPDATE

Even after setting a cookie manually (and not just a session variable) in the route for the page that is using SocketIO, the cookies portion of the request is still absent.

解决方案

I never would have thought of this until told to look at the initialization on the client side. I changed the address from localhost to the explicit IP (127.0.0.1) and the cookies are now being sent with the header in Socket.IO. I'm not sure if this is obvious or not, as I assumed localhost was being mapped to 127.0.0.1 anyway.

这篇关于无法从Socket.IO的Cookie获取Express会话ID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！