I'm building a small social networking website which has a built-in chat feature for all the logged-in users.
What I'm trying to do is uniquely and securely identify the user sending an incoming chat message on the server side in Node, possibly using cookies. Also, since this chat is only for logged-in users, I'd like to use the cookie created by my application so that both Node and PHP can work like a single sign-on system.
Also, since the pages are refreshed in the application, the socket id also changes, so I need to handle this as well. Also, I'm not sure if I'll need to use Redis or MemoryStore and which one is better suited, or whether I can use a simple array to store this user_id, session and current socket id combination. So basically I should be able to do the following:
1. User A sends an outgoing message to the Node server for user B, with the message body and receiver_id as the request data.
2. The server verifies that the sender (A) is logged in to the main PHP application and, if yes, identifies the sender based on some session or cookie data to fetch his user_id from the array or Redis, and then fetches his name and other data from the database. (This is the part I'm stuck at.)
3. Based on receiver_id, the server should be able to verify that user B is signed in as well and, if yes, send the message just to his current socket with the message body and sender name.
I've started building the above using socket.io with express. I explored several possibilities using express-session and cookie-parser, but it seems like the documentation is minimal. Besides, most answers on Stack Overflow are outdated and the code in the answers gets stuck at some line or another due to deprecated functions. I'm expecting the best approach here, with working code at least for step #2.
I hope this question serves almost everyone looking to build a Node app with the latest packages and will guide Node beginners like me in the right direction.
Thanks in advance
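The three steps above, sketched in plain Node as an added example that is not part of the original post: the sender is resolved from the session cookie sent with the connection handshake, bound to the socket, and never taken from the message body. It assumes the PHP application writes each logged-in session to a store Node can read (a `Map` stands in for Redis here) under the `PHPSESSID` cookie value; the function names and sample sessions are hypothetical.

```javascript
// Added example: all names are hypothetical and the sample data is constructed.
// Assumption: PHP stores { user_id, name } per logged-in session in a store
// that Node can read (e.g. Redis); a Map stands in for that store here.
const sessionStore = new Map([
  ['sessA111', { user_id: 1, name: 'Alice' }],
  ['sessB222', { user_id: 2, name: 'Bob' }],
]);

// user_id -> current socket id; overwritten on every reconnect (page refresh).
const onlineUsers = new Map();

// Parse a raw Cookie header into an object with no inherited keys.
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    const key = part.slice(0, eq).trim();
    const val = part.slice(eq + 1).trim();
    try { out[key] = decodeURIComponent(val); } catch { /* skip malformed value */ }
  }
  return out;
}

// Step 2: resolve the sender from the session cookie, server side only.
function authenticate(cookieHeader) {
  const sid = parseCookies(cookieHeader)['PHPSESSID']; // PHP's default cookie name
  if (typeof sid !== 'string' || !sessionStore.has(sid)) return null;
  return sessionStore.get(sid);
}

// Call on every new connection, including the one after a page refresh.
function onConnect(socketId, cookieHeader) {
  const user = authenticate(cookieHeader);
  if (!user) return null; // not logged in to the PHP app: reject the socket
  onlineUsers.set(user.user_id, socketId);
  return user;
}

// Steps 1 and 3: the sender is the user bound at connect time; nothing in the
// message body is trusted to say who sent it.
function routeMessage(sender, { receiver_id, body }) {
  if (!sender) return { ok: false, reason: 'unauthenticated' };
  const target = onlineUsers.get(Number(receiver_id));
  if (target === undefined) return { ok: false, reason: 'receiver offline' };
  return { ok: true, to: target, payload: { from: sender.name, body: String(body) } };
}
```

The session cookie should be set `HttpOnly` and `Secure` by the PHP side, and the session id should be looked up in the store on each new connection so that a logout in PHP also ends chat access.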