douchigu1723 2014-03-09 17:13

Using session data on the WebSocket handshake

If a logged on user navigates to a certain area of the site which is to use WebSockets, how am I to grab that session Id so I can identify him on the server?

My server is basically an endless while loop which holds information about all connected users and stuff, so in order to grab that id I figured the only suitable moment is at the handshake, but unfortunately the handshake's request headers contain no cookie data:

Request Headers

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Cache-Control: no-cache
Connection: keep-alive, Upgrade
DNT: 1
Host: 192.168.1.2:9300
Origin: http://localhost
Pragma: no-cache
Sec-WebSocket-Key: 5C7zarsxeh1kdcAIdjQezg==
Sec-WebSocket-Version: 13
Upgrade: websocket
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0

So how can I really grab that id? I thought I could somehow force JavaScript to send cookie data along with that request, but any self-respecting website in 2014 will have httpOnly session cookies, so that won't work out. Any help is greatly appreciated!

Here's a download link for the files of the server I'm using http://www.4shared.com/rar/7RIos1tuce/PHPWebSocket-Chat-master.html


1 answer

  • dongping9475 2014-03-09 19:02

    HttpOnly cookies as well as secure cookies work fine with WebSocket.

    Some websocket modules have chosen to ignore cookies in the request, so you need to read the specs of the module.

    Try: websocket node: https://github.com/Worlize/WebSocket-Node.

    Make sure to use the secure websocket protocol as wss://xyz.com

    Update:

    Also, Chrome will not show the cookies in the "inspect element" Network tab.

    In node try dumping the request, something like:

     wsServer.on('request', function(request) {
       console.log(request);         // full handshake request object
       console.log(request.cookies); // works in websocket node
     });
    

    If you see the cookies somewhere in the log...you've got it.

    If you're using secure-only cookies, you need to be in secure web sockets: wss://

    Update2:

    The cookies are passed in the initial request. Chrome does not show them (all the time) as sometimes it shows provisional headers, which omit cookie information.

    It is up to the websocket server to do 'something' with the cookies and attach them to each request.

    Looking at the code of your server: https://github.com/Flynsarmy/PHPWebSocket-Chat/blob/master/class.PHPWebSocket.php I do not see the word "cookie" anywhere, so it is not being nicely packaged and attached to each websocket connection. I could be wrong, that's why you might want to contact the developer and see if the whole header is being attached to each connection and how to access it.

    This I can say for certain: If you're using secure cookies then cookies will not be transmitted unless you use the secure websocket wss://mysite.com. Plain ws://mysite.com will not work.

    Also, cookies will only be transmitted in the request if the domain is the same as the webpage.

    This answer was selected by the asker as the best answer.
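What "doing something with the cookies" at handshake time can look like on the server, as an added example that is not part of the original answer or of PHPWebSocket or WebSocket-Node. The function names, the `PHPSESSID` cookie name, the in-memory session map and the allowed-origin list are assumptions, and the two sample handshakes are constructed.

```javascript
// Added example. PHPSESSID, the allowed-origin list and the in-memory
// session map are assumptions; the sample handshakes are constructed.

// Turn the raw HTTP upgrade request into a lower-cased header map.
function parseHandshake(raw) {
  const headers = Object.create(null);
  const head = raw.split('\r\n\r\n')[0];
  for (const line of head.split('\r\n').slice(1)) { // skip the request line
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return headers;
}

// Parse "a=1; b=2"; the first occurrence of a name wins.
function parseCookies(header) {
  const jar = Object.create(null);
  for (const pair of (header || '').split(';')) {
    const i = pair.indexOf('=');
    const name = pair.slice(0, i).trim();
    if (i > 0 && !(name in jar)) jar[name] = pair.slice(i + 1).trim();
  }
  return jar;
}

// Decide at handshake time who the connection belongs to.
function authenticateHandshake(raw, sessions, allowedOrigins) {
  const h = parseHandshake(raw);
  if ((h.upgrade || '').toLowerCase() !== 'websocket') return { ok: false, reason: 'not-websocket' };
  // Cookies ride along automatically, so only accept pages we serve.
  if (!allowedOrigins.includes(h.origin)) return { ok: false, reason: 'bad-origin' };
  const sid = parseCookies(h.cookie).PHPSESSID;
  if (!sid) return { ok: false, reason: 'no-session-cookie' };
  const user = sessions.get(sid);
  return user ? { ok: true, user } : { ok: false, reason: 'unknown-session' };
}

const base = ['GET / HTTP/1.1', 'Host: localhost:9300', 'Origin: http://localhost',
  'Connection: keep-alive, Upgrade', 'Upgrade: websocket', 'Sec-WebSocket-Version: 13'];
const withCookie = [...base, 'Cookie: theme=dark; PHPSESSID=constructed123'].join('\r\n') + '\r\n\r\n';
const noCookie = base.join('\r\n') + '\r\n\r\n';
const sessions = new Map([['constructed123', 'alice']]);

console.log(authenticateHandshake(withCookie, sessions, ['http://localhost']));
console.log(authenticateHandshake(noCookie, sessions, ['http://localhost']));
```

The result of `authenticateHandshake` is what the server would store alongside the socket, so later frames on that connection are attributed to the session without re-reading cookies.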
