Node.js
galkinrost, 2012-06-07 10:14:14

How to properly organize user authentication when working with Sockets?

While developing a service in which real-time communication between users is to be implemented, a question came up about authentication. Technically, the chat will be built on sockets, and the whole process can essentially be divided into three stages:
1. A connection (Socket) is established.
And within this connection:
2. The user sends a message.
3. The user receives a message.

The user's login and password are stored in session variables/cookies.

So here is the question itself: is it worth authenticating at each stage, i.e. when sending and when receiving a message, or is it enough to do it only when the Socket is created? Or is there perhaps some other solution?
By authentication I mean a query to the database to verify the username and password.


4 answer(s)
Jurik, 2012-06-07
@Jurik

I would suggest the following scheme:
1. The client and the server establish a shared key.
2. The client encrypts the login and password and sends them to the server.
3. The server checks whether such a user exists.
4. If the login and password match, the client is given a session label.
5. When sending a message, the label is sent along with it; if it is still "alive", the message reaches the addressee.
6. The label is refreshed from time to time.

Nikolai Vasilchuk, 2012-06-07
@Anonym

If you have checked the user and opened a session for him, why go to the database with every message? Check the session.

Keenest, 2012-06-07
@Keenest

Once authentication has passed (here you can and should go to the database), a handshake.id is assigned to the socket, which is valid for the entire lifetime of the connection, and a different socket.id is assigned on each open page.
There is no point in refreshing the "labels", as suggested above; a unique handshake ID is enough.

Artm, 2012-06-07
@Artm

Two servers.
A login server accepts the connection and checks the user. If the login/password is correct, it generates a key and hands the client over to the second server, which, having received an affirmative answer from the first, starts performing the required actions.
