Is there a way to easily pass an authentication cookie when handshaking a WebSocket connection to socket.io? I currently have to do it separately, like so:
socket = new io.Socket(document.location.hostname);
socket.addEvent("connect", function()
{
// Send PHP session ID, which will be used to authenticate
var sessid = readCookie("PHPSESSID");
this.send("{'action':'authenticate','sessionid':'"+sessid+"'}");
});
WebSockets do have support for cookies since they are based on HTTP, but a quick browse through the source of Socket.IO revealed that there is no support for this built in.
So using cookies directly is not a feasible solution in this case, also, since you're using Socket.IO, it's not guaranteed that users will actually connect via a WebSocket.
In the case that a connection uses a flash socket, it's really hard to make Flash send the Browser's cookies instead of it's own set, so even if you would send a cookie directly, it wouldn't get set in the Browser in case of a flask socket connection.
Currently there's no support for this built into Socket.IO, so flash sockets will just fail.
You can read about that in this issue, and here's a question about the flash cookie problem.
Best solution is still to make it part of your own protocol.