Describe the bug
Hi and thanks for this useful module. We are upgrading from v2 to v4 and have been struggling to get the behavior we had before, would love some input.
We have a Node.js/Angular app with many dynamic subdomains, and we have a separate Node.js websockets app. In v2 we did not specify the cookie domain or CORS origin and it all worked, with each subdomain getting its own subdomain-scoped cookie. This scope is important because users have different logins for different subdomains.
In v4 we haven't been able to achieve that same behavior. The closest we have come is if we specify the cookie domain and CORS origin as the domain (not the subdomain), socket.request.user is there. That's not a workable solution though, because that stops people being able to have different sessions for different subdomains.
If we do not specify the cookie domain and CORS origin, the websocket connection succeeds but it does not contain socket.request.user.
It works properly on localhost during development, it is only when subdomains are introduced that it breaks.
To Reproduce
Socket.IO server version: 4.5.1+
Websockets Server
```ts
const cookieSettings: CookieOptions = {};
const sessionMiddleware = session({
  cookie: cookieSettings,
  resave: true,
  saveUninitialized: true,
  store: connectMongoStore,
  name: 'shared_session',
  secret: 'foo'
});
app.use(sessionMiddleware);
app.use(passport.initialize());
app.use(passport.session());
passport.serializeUser(function (user: Partial<IUserSchema>, done) {
  done(null, user._id);
});
passport.deserializeUser(function (id: string, done) {
  User.findOne({ _id: id }, function (err, user) {
    // ...
    done(null, user);
  });
});

// withCredentials strategy from https://socket.io/docs/v4/client-options/#withcredentials
const corsOptions: cors.CorsOptions = {
  credentials: true,
  // the following function is from https://socket.io/docs/v4/server-options/#cors
  origin: (_req, callback) => {
    callback(null, true);
  },
};
const io = new Server(server, {
  cookie: true,
  cors: corsOptions,
});

// Register middleware for all namespaces, approach from https://socket.io/how-to/register-a-global-middleware
// Attempts to combine the above approach with https://socket.io/how-to/use-with-passport
// In v2 this section was using the passport.socketio module which has since been deprecated
const wrap = middleware => (socket: { request: any; }, next: any) => middleware(socket.request, {}, next);
const defaultNamespace = io.of('/');
const buildNamespace = io.of('/build');
for (const ns of [defaultNamespace, buildNamespace]) {
  ns.use(wrap(sessionMiddleware));
  ns.use(wrap(passport.initialize()));
  ns.use(wrap(passport.session()));
}
```
Expected behavior
I expect socket.request.user to be populated as it was in v2
Platform:
Device: Tried on MacBook Pro, Heroku, Azure
OS: macOS, Linux, Windows
Additional information
To get from v2 to v4 there were some other related dependency changes. The list is:
- ngx-socket-io from 3.4.0 to 4.3.1
- passport.socketio replaced with the syntax from jfromaniello/passport.socketio#148 (comment)
- socket.io from 2.5.0 to 4.5.1 (also tried 4.7.5)
- socket.io-client from 2.5.0 to 4.5.1 (also tried 4.7.5)
- socket.io-redis from 5.4.0 to @socket.io/redis-adapter@7.2.0
- redis from 3.1.2 to 4.6.13
Hopefully I shared all the relevant parts of code, lmk if I missed anything.
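The cookie-domain and CORS-origin trade-off described in the post, as an added example that is not part of the original issue or of Socket.IO: a model of which hosts receive a host-only versus a parent-domain session cookie, plus an origin check with the same `(origin, callback)` shape as the `cors` `origin` option that accepts only https subdomains instead of every origin. `example.com`, the `tenant-a`/`tenant-b`/`ws` host names and all function names are constructed assumptions.

```javascript
// Added example. BASE_DOMAIN and all host names below are constructed.
const BASE_DOMAIN = 'example.com';

// RFC 6265 domain-match: identical, or host ends with "." + domain.
function domainMatch(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase().replace(/^\./, '');
  return h === d || h.endsWith('.' + d);
}

// Would a browser attach this cookie to a request for requestHost?
// No Domain attribute means host-only: only the exact host that set it.
function cookieSentTo(cookie, requestHost) {
  if (cookie.domain === undefined) {
    return requestHost.toLowerCase() === cookie.setBy.toLowerCase();
  }
  return domainMatch(requestHost, cookie.domain);
}

// True only for https origins on a subdomain of BASE_DOMAIN
// (assumption: the apex domain itself hosts no tenant app).
function isAllowedOrigin(origin) {
  if (typeof origin !== 'string') return false; // no Origin header sent
  let url;
  try {
    url = new URL(origin);
  } catch (err) {
    return false; // malformed value, or the literal string "null"
  }
  if (url.protocol !== 'https:') return false;
  return url.hostname !== BASE_DOMAIN && domainMatch(url.hostname, BASE_DOMAIN);
}

// Same (origin, callback) shape as the `origin` function in corsOptions.
// Passing false makes the cors middleware omit CORS headers for the request,
// so a browser on another site cannot read a credentialed response.
function corsOrigin(origin, callback) {
  callback(null, isAllowedOrigin(origin));
}

// Constructed cookies: the same session cookie, set by one tenant host,
// first without a Domain attribute and then scoped to the parent domain.
const hostOnly = { name: 'shared_session', setBy: 'tenant-a.example.com' };
const parentScoped = { ...hostOnly, domain: 'example.com' };
```

The host-only cookie never reaches a separate host such as `ws.example.com`, while the parent-scoped one reaches every subdomain, including other tenants.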