Sessions for Websockets

Question

Sessions for Websockets

egobrain opened this issue 13 years ago · comments

Yakov commented 13 years ago

That's really good idea to create session server,
but can you create it for misultin_ws module, please ?

Roberto Ostinelli · Answer 1 · Fri Dec 02 2011 16:03:00 GMT+0800 (China Standard Time)

hi egobrain, why would you need that? websockets are (kinda) persistent by definition.

could you expand on your needs?

Yakov · Answer 2 · Fri Dec 02 2011 16:35:07 GMT+0800 (China Standard Time)

In my service i want accept connection only from authorized users.
Information about user authorization can be stored in session.
Am i right? Or there is a better way ?

Roberto Ostinelli
reply@reply.github.com
:

hi egobrain, why would you need that? websockets are persistent by
definition...

Reply to this email directly or view it on GitHub:

#80 (comment)

Roberto Ostinelli · Answer 3 · Sat Dec 03 2011 01:40:55 GMT+0800 (China Standard Time)

there are many different ways, all of which are outside the scope of this discussion :)

i get you are requesting to make sessions accessible to websockets, so i'll dig into that.

thank you,

r.

Yakov · Answer 4 · Sat Dec 03 2011 02:10:53 GMT+0800 (China Standard Time)

Thank you very much.
And i've got some more ideas :) i'll write about them later.

Roberto Ostinelli
reply@reply.github.com
:

there are many different ways, all of which are outside the scope of this
discussion :)

i get you are requesting to make sessions accessible to websockets, so
i'll dig into that.

thank you,

r.

Reply to this email directly or view it on GitHub:

#80 (comment)

Roberto Ostinelli · Answer 5 · Sun Dec 04 2011 10:47:36 GMT+0800 (China Standard Time)

hi egobrain,

i've been thinking about this.

sessions are a 'trick' to circumvent the fact that http is a stateless protocol. thus, most implementations (misultin's one too) generally use a cookie to save session ids, used then to retrieve data saved on the server.

websockets, on the contrary, are persistent connections, which can easily keep the state in the process which is handling them. moreover, cookies are generally out of the game.

therefore, even if conceptually these interactions are very different, a practical need i can try to understand from your request may be:

. save user authentication info (such as her name) during normal http authentication requests;
. when a websocket is used, allow it to retrieve this info too.

since websockets cannot normally create cookies, the requested functionality can only read existing sessions, and not create new ones.

implemented: dce39c9

please let me know if this works for you.

r.

Yakov · Answer 6 · Sun Dec 04 2011 22:23:57 GMT+0800 (China Standard Time)

Yes, that's it. Thank you!