How can I get (Express's) sessionID for a websocket connection

Question

How can I get (Express's) sessionID for a websocket connection

I'm using WebSockets npm install ws on the same port as Express is running.

I'd like to pick up the associated 'sessionID' from the HTTP connection which had just been made and upgraded to a WebSocket.

// start express listening
server.listen(conf.server.port, conf.server.host);

var WebSocketServer = require('ws').Server
  , wss = new WebSocketServer({server: server});

wss.on('connection', function(ws) {
    var sessionID = // how do I get this?
    ws.on('message', function(message) {
        console.log('received: %s', message);
    });
    ws.send('something');
});

How can this be done?

(I currently work around the issue by sending the sessionID in the page, but this is ugly.)

node.js
websocket
express

Answer 1

Parse cookie
Get session id

Get session data

var express = require('express');
var parseCookie = express.cookieParser();
var MemoryStore = express.session.MemoryStore;

var store = new MemoryStore();

app.configure(function() {
    app.use(express.session({ store: store, secret: '123456', key: 'sid' }));
});

wss.on('connection', function(ws) {
    parseCookie(ws.upgradeReq, null, function(err) {
        var sessionID = ws.upgradeReq.cookies['sid'];
        store.get(sessionID, function(err, session) {
            // session
        });
    }); 

    ws.on('message', function(message) {
        console.log('received: %s', message);
    });
    ws.send('something');
});

Answer 2

This was a nightmare, finally got it working for myself using signed cookies!

Set up your store (example memory store):

var MemoryStore = express.session.MemoryStore;
store = new MemoryStore();

Expose parseCookie as global (if you need it in other modules) like this in app / server js files:

app.use(parseCookie = express.cookieParser('secret'));

Now set up sockets:

//this method gets called later
var ensureAuthenticatedSocket = function(handshake, callback) {
    cookie = cookieParser(handshake, null, function(err) {
        var sessionID = handshake.signedCookies['sid'];
        store.get(sessionID, function(err, session) {
            callback(err, session);
        });
    });
};
//listen time
io = io.listen(server);
//configure authentication
io.configure(function() {
    io.set('authorization', function(handshake, callback) {
        //call the method with handshake as parameter, wait for callback
        ensureAuthenticatedSocket(handshake, function(err, session) {
            if (!err && session) {
                //no error + found session = wicked!
                callback(null, true);
            } else {
                callback(null, false);
            }
        });
    });
});
...
//more socket code