0

So I have 2 pages: a chat page which runs on Node.js and Socket.io (WebSockets), and a main page where the user logs in etc. I want to make it so that when the user logs in on the main page -> it validates details -> then stores the user ID in the session and goes into chat, where he's identified by his userID.

Oh yeah and user accounts are stored on MySQL.

arleitiss

2 Answers

1

You can parse PHP (file-based) sessions from node with a module like groan. However, a better solution is probably to use a better session store such as redis. An example of sharing sessions between node and PHP using redis can be found here.

mscdex
0

Okay. The cookie mechanism was created to communicate between different environments. Let's use it.

PHP:

Validate the user data, save it into the DB and then save the ID to cookies.

NodeJS:

Read that ID from cookies and get the data from the DB (MySQL provider for Node.js).

Max
  • I had that approach in mind, but: what stops a user from modifying the cookie, setting the ID to another user's and using his personality to chat? – arleitiss Oct 13 '14 at 00:01
  • Then you need a more advanced way -- tokens. Set an ID and a token (a sha1 hash, for example). Store both of these in the DB and then try to find an entry equal to it. A hacker would have to use a brute-force attack (not dangerous) to hack this. You can even add an expiry time for tokens. – Max Oct 13 '14 at 00:04
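
The ID-plus-token cookie discussed in the comments above, as an added example that is not part of the original thread. Assumptions: an in-memory `Map` stands in for the MySQL table, the cookie name `chat_auth`, the function names and the 15-minute lifetime are hypothetical, and the token is a random 32-byte value stored as a SHA-256 hash rather than a sha1 hash.

```javascript
// Added example; tokenStore, issueToken, readCookie and authenticate are hypothetical names.
const nodeCrypto = require('crypto');

// Stand-in for a MySQL table: user_id -> { tokenHash, expiresAt }.
const tokenStore = new Map();
const TOKEN_TTL_MS = 15 * 60 * 1000; // assumed token lifetime

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest();

// Login side (the PHP page in the question), run after the credentials check.
// Returns the cookie value; only a hash of the token is kept server-side.
function issueToken(userId, now = Date.now()) {
  const token = nodeCrypto.randomBytes(32).toString('hex');
  tokenStore.set(String(userId), {
    tokenHash: sha256(token),
    expiresAt: now + TOKEN_TTL_MS,
  });
  return `${userId}.${token}`;
}

// Extract one cookie value from a raw Cookie request header.
function readCookie(header, name) {
  for (const part of String(header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0 && part.slice(0, eq).trim() === name) {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

// Chat side: returns the user ID, or null when the cookie is missing,
// malformed, expired, or carries a token that does not match the stored one.
function authenticate(cookieHeader, now = Date.now()) {
  const value = readCookie(cookieHeader, 'chat_auth');
  const m = /^(\d+)\.([0-9a-f]{64})$/.exec(value || '');
  if (!m) return null;
  const row = tokenStore.get(m[1]);
  if (!row || now >= row.expiresAt) return null;
  // Both buffers are 32-byte digests, so the constant-time compare is valid.
  const ok = nodeCrypto.timingSafeEqual(sha256(m[2]), row.tokenHash);
  return ok ? Number(m[1]) : null;
}

// Socket.io exposes the header as socket.handshake.headers.cookie; a
// connection handler would pass it to authenticate() and disconnect on null.
```

Changing only the ID in the cookie fails because the token no longer matches the row for that ID. The cookie itself should be issued with the `HttpOnly` and `Secure` attributes.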