使用socket.io，如何处理非浏览器客户端的身份验证？

对于这样的尝试，您需要将expressID钩入socketIO连接的sessionID中。对于express 3来说，这是一个完全不同的故事，通常并不容易。几个月前，我找到了一种方法来实现这一点。

//directories
var application_root = __dirname,

//general require
var express = require('express'),
 connect = require('connect'),
 http = require('http');

//create express app
var app = express();

//create sessionStore
var sessionStore = new connect.session.MemoryStore();

//setup sessionKey
var secretKey = 'superdupersecret';


//configure express
app.configure(function() {

    //use body parser
    app.use(express.bodyParser());

    //override methods
    app.use(express.methodOverride());

    //cookies and sessions
    app.use(express.cookieParser(secretKey));
    app.use(express.session({
        store: sessionStore,
        secret: secretKey,
        key: 'express.sid'
    }));

    //router
    app.use(app.router);
});

//create the http server link to the new data http object of express 3
server = http.createServer(app);

//make server listen to 8080 and localhost requests
server.listen(8080, 'localhost', function() {
    console.log('Express Server running and listening');
});

//bind socket.io to express server by listening to the http server object
var io = require('socket.io').listen(server);

//set the authorization through cookies 
io.set('authorization', function(data, accept) {

//check if header data is given from the user
if (!data.headers.cookie) {

        //return false if no cookie was given
        return accept('Session cookie required!', false);
    }

    //parse cookie into object using the connect method
    //NOTE: this line is a hack, this is due to the fact
    //that the connect.utils.parseCookie has been removed
    //from the current connect module and moved to an own
    //instance called 'cookie'.
    data.cookie = connect.utils.parseSignedCookies(require('cookie').parse(decodeURIComponent(data.headers.cookie)), secretKey);

    //save session id based on exress.sid
    data.sessionID = data.cookie['express.sid'];

    //get associated session for this id
    sessionStore.get(data.sessionID, function(err, session) {
        if (err) {
            //there was an error
            return accept('Error in session store.', false)
        } else if (!session) {
            //session has not been found
            return accept('Session not found', false);
        }

        //successfully got the session, authed with known session
        data.session = session;

        //return the accepted connection
        return accept(null, true);
    });

});

//connection handler for new io socket connections
io.sockets.on('connection', function(socket) {

    //parse handshake from socket to io
    var hs = socket.handshake;

    //show session information
    console.log('New socket connection with sessionID ' + hs.sessionID + ' connected');

});

//handle user disconnect and clear interval
io.sockets.on('disconnect', function() {

    //show disconnect from session
    console.log('Socket connection with sessionID ' + hs.sessionID + ' disconnected');

});

require('socket.io-client/node_modules/xmlhttprequest') 

替代

require ('xmlhttprequest');

所以看起来唯一的解决方案就是在URL查询字符串中添加您的身份验证数据。有一个开放票务来允许其他可能性，但看起来开发人员更倾向于仅使用查询字符串。