問題描述
如果登錄用戶導航到站點的某個區域,該區域將使用 WebSockets,我如何獲取該會話 ID,以便在服務器上識別他?
If a logged in user navigates to a certain area of the site which is to use WebSockets, How can I grab that session Id so I can identify him on the server?
我的服務器基本上是一個無休止的 while 循環,它保存有關所有已連接用戶和內容的信息,因此為了獲取該 ID,我認為唯一合適的時刻是握手,但不幸的是,握手的請求標頭不包含 cookie 數據:
My server is basically an endless while loop which holds information about all connected users and stuff, so in order to grab that id I figured the only suitable moment is at the handshake, but unfortunately the handshake's request headers contain no cookie data:
請求標頭
接受:text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
接受編碼:gzip、deflate接受語言:en-US,en;q=0.5
緩存控制:無緩存
連接:保持連接,升級
DNT:1
主持人:192.168.1.2:9300
來源:http://localhost
編譯指示:無緩存
Sec-WebSocket-Key:5C7zarsxeh1kdcAIdjQezg==
Sec-WebSocket-版本:13
升級:websocket
用戶代理:Mozilla/5.0(Windows NT 6.1;WOW64;rv:27.0) Gecko/20100101 Firefox/27.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Cache-Control: no-cache
Connection: keep-alive, Upgrade
DNT: 1
Host: 192.168.1.2:9300
Origin: http://localhost
Pragma: no-cache
Sec-WebSocket-Key: 5C7zarsxeh1kdcAIdjQezg==
Sec-WebSocket-Version: 13
Upgrade: websocket
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
rv:27.0) Gecko/20100101 Firefox/27.0
那么我如何才能真正獲取該 ID?我以為我可以以某種方式強制 javascript 將 cookie 數據與該請求一起發送,但 2014 年任何有自尊的網站都會有 httpOnly 會話 cookie,這樣就行不通了.非常感謝任何幫助!
So how can I really grab that id? I thought I could somehow force javascript to send cookie data along with that request but any self-respecting website in 2014 will have httpOnly session cookies so that wont work out. Any help is greatly appreciated!
這是我正在使用的服務器的鏈接:https://github.com/Flynsarmy/PHPWebSocket-Chat/blob/master/class.PHPWebSocket.php(感謝接受的答案)
Here's a link for the server I'm using: https://github.com/Flynsarmy/PHPWebSocket-Chat/blob/master/class.PHPWebSocket.php (thanks to accepted answer)
推薦答案
http only cookies 以及安全 cookies 與 websocket 配合良好.
http only cookies as well as secure cookies work fine with websocket.
某些 websocket 模塊選擇忽略請求中的 cookie,因此您需要閱讀模塊的規范.
Some websocket modules have chosen to ignore cookies in the request, so you need to read the specs of the module.
嘗試:websocket 節點:https://github.com/Worlize/WebSocket-Node.
Try: websocket node: https://github.com/Worlize/WebSocket-Node.
確保使用安全的 websocket 協議作為 wss://xyz.com
Make sure to use the secure websocket protocol as wss://xyz.com
此外,chrome 將不會在檢查元素"網絡標簽中顯示 cookie.
Also, chrome will not show the cookies in the "inspect element" Network tab.
在節點中嘗試轉儲請求,例如:
In node try dumping the request, something like:
wsServer.on('request', function(request) {
console.log(request);
console.log(request.cookies); // works in websocket node
}
如果您在日志中的某處看到 cookie ......您就知道了.
If you see the cookies somewhere in the log...you've got it.
如果您使用僅安全的 cookie,則需要使用安全的網絡套接字:wss://
If you're using secure-only cookies, you need to be in secure web sockets: wss://
cookie 在初始請求中傳遞.Chrome 不會(一直)顯示它,因為有時它會顯示省略 cookie 信息的臨時標頭.
The cookies are passed in the initial request. Chrome does not show it (all the time) as sometimes it shows provisional headers which omits cookie information.
由 websocket 服務器對 cookie 做某事"并將它們附加到每個請求.
It is up to the websocket server to do 'something' with the cookies and attach them to each request.
查看你服務器的代碼:https://github.com/Flynsarmy/PHPWebSocket-Chat/blob/master/class.PHPWebSocket.php 我在任何地方都沒有看到cookie"這個詞,所以它沒有被很好地打包并附加到每個 websocket 連接.我可能是錯的,這就是為什么您可能想要聯系開發人員并查看整個標頭是否附加到每個連接以及如何訪問它.
Looking at the code of your server: https://github.com/Flynsarmy/PHPWebSocket-Chat/blob/master/class.PHPWebSocket.php I do not see the word "cookie" anywhere, so it is not being nicely packaged and attached to each websocket connection. I could be wrong, that's why you might want to contact the developer and see if the whole header is being attached to each connection and how to access it.
我可以肯定地說:如果您使用安全 cookie,則 cookie 將不會被傳輸,除非您使用安全 websocket wss://mysite.com.普通的 ws://mysite.com 將不起作用.
This I can say for certain: If you're using secure cookies then cookies will not be transmitted unless you use the secure websocket wss://mysite.com. Plain ws://mysite.com will not work.
此外,只有在域與網頁相同的情況下,cookie 才會在請求中傳輸.
Also, cookies will only be transmitted in the request if the domain is the same as the webpage.
這篇關于在 websocket 握手時使用會話數據的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!