0

I've just configured my express (4.x) + socket.io(1.x) + angular.js app and my app looks like

Express

app.use(session({secret:"mysecret",store:new RedisStore({ host: 'localhost', port: 6379, client:       redis }), cookie: {httpOnly: false,secure: false}}));

Socket.io configuration

function onAuthorizeSuccess(data, accept){
    console.log('successful connection to socket.io');

    // If you use socket.io@1.X the callback looks different
    accept();
}

function onAuthorizeFail(data, message, error, accept){
    if(error)  throw new Error(message);
    return accept();
}

io.use(passportSocketIo.authorize({
    passport:passport,
    cookieParser: cookieParser,
    key:         'connect.sid',       // the name of the cookie where express/connect stores its     session_id
    secret:      'mysecret',    // the session_secret to parse the cookie
    store:       new RedisStore({ host: 'localhost', port: 6379, client: redis }),
    success:     onAuthorizeSuccess,  // *optional* callback on success - read more below
    fail:        onAuthorizeFail     // *optional* callback on fail/error - read more below
}));

Everything is working properly, sessions are stored in redis, my express application says req.isAutheticated() = true.

But: 

io.sockets.on('connection', function (socket) {
    console.log(socket.request.user);


    socket.on('disconnect',function(){
        console.log('User disconnected');
    });
});

says logged_in = false.

My angular code looks like (getCookie('connect.sid') has right value) 

var socket = io.connect('ws://chipso.eu:3000/',{
    query: 'session_id=' + getCookie('connect.sid')
});

return {
    on: function (eventName, callback) {
        socket.on(eventName, function () {
            var args = arguments;
            $rootScope.$apply(function () {
                callback.apply(socket, args);
            });
        });
    },
    emit: function (eventName, data, callback) {
        socket.emit(eventName, data, function () {
            var args = arguments;
            $rootScope.$apply(function () {
                if (callback) {
                    callback.apply(socket, args);
                }
            });
        })
    }
};

My rediss store looks like

{"cookie":{"originalMaxAge":2591999999,"expires":"2014-10-20T19:06:23.097Z","secure":false,
"httpOnly":false,"path":"/"},"passport":{"user":{"id":1,"name":"Filip Lukáč","first_name":"Filip",
"last_name":"Lukáč","gender":"male","reg_date":"2014-09-15 11:57:34.079","username":"filip.lukac@gmail.com",
"role":"admin","photo":"https://fbcdn-profile-a.akamaihd.net/hprofile-ak-xpa1/v/t1.0-1/p100x100/
10645292_334651976702411_6704623329146986982_n.jpg?oh=a5ed18ae84dfc3909b4bfb036a0a2b8d&
oe=548BC691&__gda__=1419568684_70705b96aaa90cf986992372925d442e","logged":true}}}

Here is my debug log.

 _query: 
   { session_id: 's:uhckQqqa4XdGEtOHg0EwrumGdRDYoa9C.QEWbVG1/w3aqH7WJ97YSTisZuKlZvQd1rYJvV92L2Gs',
     EIO: '3',
     transport: 'polling',
     t: '1411242792055-0' },
  res: 
   { domain: null,
    _events: { finish: [Function] },
     _maxListeners: 10,
     output: [],
     outputEncodings: [],
     writable: true,
     _last: false,
     chunkedEncoding: false,
     shouldKeepAlive: true,
     useChunkedEncodingByDefault: true,
     sendDate: true,
     _headerSent: true,
     _header: 'HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\nContent-Length: 101\r\nAccess-Control-Allow-Origin: *\r\nSet-Cookie: io=ET-vPrTRy078bMyiAAAD\r\nDate: Sat, 20 Sep 2014 19:53:10 GMT\r\nConnection: keep-alive\r\n\r\n',
     _hasBody: true,
     _trailer: '',
     finished: true,
     _hangupClose: false,
     socket: null,
     connection: null,
     statusCode: 200 },
  cleanup: [Function: cleanup],
  read: [Function],
  socketio_version_1: true,
  cookie: { 'connect.sid': 'uhckQqqa4XdGEtOHg0EwrumGdRDYoa9C' },
  sessionID: 's:uhckQqqa4XdGEtOHg0EwrumGdRDYoa9C.QEWbVG1/w3aqH7WJ97YSTisZuKlZvQd1rYJvV92L2Gs',
  user: { logged_in: false } }

No session found, { logged_in: false }. And message in my onAuthorizeFail says = No session found.

I cant figure out, where is problem... Could anyone help me ?

I just want to see if my user is authenticated

Martijn Pieters
  • 1,048,767
  • 296
  • 4,058
  • 3,343
Filip Lukáč
  • 100
  • 1
  • 2
  • 13

1 Answers1

0

EDIT:

I used to create pull-request. If someone is using RedisStore, check this out.

Pull-request

Problem is in the passport.socketio library

https://github.com/jfromaniello/passport.socketio/blob/master/lib/index.js#L57 Here, When I'm trying to find my session in RedisStore.

sessionID = data.query.session_id.

But sessions are stored by 

session.cookie[auth.key].

So I've rewritten this line from

data.sessionID = (data.query && data.query.session_id) || (data._query && data._query.session_id) || data.cookie[auth.key] || '';

to

data.sessionID = data.cookie[auth.key] || '';

WARNING: It might be resolved just for RedisStore().

Filip Lukáč
  • 100
  • 1
  • 2
  • 13
  • Your "fix" only removes the option for reading the session ID from `data.query.session_id` and `data._query.session_id`. If they were empty to begin with your `sessionID` would have been received from `data.cookie[auth.key]` anyways. – vesse Sep 24 '14 at 06:35
  • @vesse is right.. the only way this can change something for you is if you are sending `session_id`. – José F. Romaniello Oct 06 '14 at 11:54