2015-02-11 10:41
浏览 237

Golang WebSocket应用程序中的身份验证

I am trying to implement user authentication in an application that primarily uses WebSockets, but I am unsure how to begin.

I am using the Gorilla mux and websocket packages.

I have thought about using the method described here (files main.go and auth.go), but does this approach secure against authenticated users somehow hijacking each others sockets like described in this article?

Can someone suggest a good method or package(s) in Go?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dtrnish3637
    dtrnish3637 2015-03-20 16:41

    Authenticate as you would for a plain HTTP request before upgrading the connection to the WebSocket protocol. Use whatever methods or packages you would use for plain HTTP requests.

    A WebSocket connection can be hijacked to the extent that a plain HTTP connection can be hijacked. The WebSocket protocol does not introduce any new issues here.

    Socket.io is a layer above WebSockets, long-polling and other techniques for sending events from the server to a browser client. Issues with Socket.io do not necessarily apply to direct use of a WebSocket.

    点赞 评论