This repository has been archived by the owner on Sep 28, 2021. It is now read-only.

Socket.IO 1.0 cors not work #95

Open
shellka opened this issue Jan 19, 2015 · 4 comments


@shellka

shellka commented Jan 19, 2015

Hello.
If we are using query to set session_id we should parse it like a signed cookie.
query: 'session_id=' + readCookie('your.sid-key') - we have a secured sid there,
and on the server side we have it secured too: (data._query && data._query.session_id)

@jfromaniello
Owner

We don't support sending the cookie in the querystring, but the session_id. Feel free to send a PR handling a querystring like ?cookie=x.

I will be OK with adding support for this, although I think it is not a good practice to do this.

If you need support for CORS I would rather use JWT:

https://auth0.com/blog/2014/01/15/auth-with-socket-io/

@fenwick67

The Readme.md section on the CORS workaround basically says "send the cookie".

socket = io.connect('//' + window.location.host, {
  query: 'session_id=' + readCookie('your.sid-key')
}); 

But really, you need to send the session ID. This is working client-side code:

socket = io.connect('//' + window.location.host, {
  query: 'session_id=' + readCookie('your.sid-key').replace('s:','').split('.')[0]
}); 

Also on the server-side you have to make sure to configure express-session to not use HTTP cookies, otherwise the JS on your client can't read the cookie. You may want to put that in the readme as well.

app.use(session({
  secret: mySecret,
  // httpOnly: false makes the session cookie readable by client-side JS
  cookie: { maxAge: resetTime, httpOnly: false },
  key: 'your.sid-key',
  store: sessionStore
}));
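Added example, not part of the thread or of the project's code: instead of stripping the signature on the client, the server can receive the whole signed value and verify it before trusting the session ID. It follows express-session's signing scheme (`s:` + sid + `.` + base64 HMAC-SHA256, as in the cookie-signature package); the function names, the secret and the sample values are constructed for illustration.

```javascript
const crypto = require('crypto');

// Signing scheme used by express-session (via cookie-signature):
// "s:" + sid + "." + base64(HMAC-SHA256(secret, sid)) with "=" padding removed.
function sign(sid, secret) {
  const mac = crypto.createHmac('sha256', secret).update(sid).digest('base64');
  return 's:' + sid + '.' + mac.replace(/=+$/, '');
}

// Returns the session ID when the signature is valid, otherwise null.
// Assumes `raw` is already URL-decoded (the parsed handshake query is).
function unsignSessionCookie(raw, secret) {
  if (typeof raw !== 'string' || !raw.startsWith('s:')) return null;
  const signed = raw.slice(2);
  const dot = signed.lastIndexOf('.');
  if (dot <= 0) return null;
  const sid = signed.slice(0, dot);
  const expected = Buffer.from(sign(sid, secret).slice(2));
  const actual = Buffer.from(signed);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (expected.length !== actual.length) return null;
  return crypto.timingSafeEqual(expected, actual) ? sid : null;
}

// Hypothetical helper: read the value from a parsed handshake query object.
function sessionIdFromQuery(query, secret) {
  return unsignSessionCookie(query && query.session_id, secret);
}

// Constructed sample values.
const SECRET = 'constructed-demo-secret';
const cookie = sign('abc123SESSION', SECRET);
// Another session ID with a signature copied from the valid cookie.
const forged = 's:otherSESSION.' + cookie.split('.')[1];

console.log(sessionIdFromQuery({ session_id: cookie }, SECRET));
console.log(sessionIdFromQuery({ session_id: forged }, SECRET));
console.log(sessionIdFromQuery({ session_id: 'abc123SESSION' }, SECRET));
```

With the signature stripped client-side, the server has no way to tell a session ID the browser was issued from one that was simply typed into the query string.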

@EdiHadzic

Thanks, this answer helped me. I also noticed some performance issues when using io.connect('//' + window.location.host, ...); it is much better performance-wise to change it to the actual link, like io.connect("http://localhost:5000", {...})

@EdiHadzic

Also, for some reason I couldn't log out when using io.connect('//' + window.location.host, ...); my store wasn't getting updated, but changing to localhost fixed it.
