How to solve authorization problem in Socket.io?

V

vetsmen2017-01-16 01:15:12

JavaScript

vetsmen, 2017-01-16 01:15:12

I have express authorization written (via passport.js), sockets receive authorization via passport.socketio when calling io.use:

io.use(passportSocketIo.authorize({
  cookieParser: cookieParser, 
  key:          'express.sid',
  secret:       'keyboard cat', 
  store:        sessionStore,      
}));

The problem is this: when I am in two tabs and exit the site in one, the socket continues to work in the other and writes true in request (socket.request.user.logged_in), so all actions are performed as if the user is still authorized.
I want to do this: on logout, call the passportSocketIo.authorize method so that it overrides socket.request, but how do I do it? And in general, what are your thoughts on solving this problem? Thank you!

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

E

Evgeniy Odinets, 2017-01-16
@evgeniy2194

When you connect in the next tab, you open a new connection with authorization.
As an option:
1. Do not let the user in another time. When entering a new window, either disconnect the old connection or report that it is already connected.
2. Send a request to the user that he has logged out, and accordingly log him out in all his sockets.