2015-02-11 10:41

Golang WebSocket应用程序中的身份验证


I am trying to implement user authentication in an application that primarily uses WebSockets, but I am unsure how to begin.

I am using the Gorilla mux and websocket packages.

I have thought about using the method described here (files main.go and auth.go), but does this approach secure against authenticated users somehow hijacking each others sockets like described in this article?

Can someone suggest a good method or package(s) in Go?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答


  • dtrnish3637 dtrnish3637 6年前

    Authenticate as you would for a plain HTTP request before upgrading the connection to the WebSocket protocol. Use whatever methods or packages you would use for plain HTTP requests.

    A WebSocket connection can be hijacked to the extent that a plain HTTP connection can be hijacked. The WebSocket protocol does not introduce any new issues here.

    Socket.io is a layer above WebSockets, long-polling and other techniques for sending events from the server to a browser client. Issues with Socket.io do not necessarily apply to direct use of a WebSocket.

    点赞 评论 复制链接分享