I'm pretty sure this is a simple question, but I have no idea where the socket.io docs are and the one at .io/ don't really help.
So let's say I have a socket.io http server and written a website to connect to it.
How do I provide protection to the server so that unauthorized people(people who connected not through the website) will be blocked/dropped/banned.
How do I end a socket connection on the server side? So If I have
io.sockets.on('connection', function (socket) { socket.on('end', function() { var i = global_sockets_list.indexOf(socket); global_sockets_list.splice(i, 1); }); socket.emit('end'); // Doesn't work, just sends data socket.end(); //error });
How do I end a socket connection? (The connect then disconnect above is for testing)
I'm pretty sure this is a simple question, but I have no idea where the socket.io docs are and the one at http://labs.learnboost.com/socket.io/ don't really help.
So let's say I have a socket.io http server and written a website to connect to it.
How do I provide protection to the server so that unauthorized people(people who connected not through the website) will be blocked/dropped/banned.
How do I end a socket connection on the server side? So If I have
io.sockets.on('connection', function (socket) { socket.on('end', function() { var i = global_sockets_list.indexOf(socket); global_sockets_list.splice(i, 1); }); socket.emit('end'); // Doesn't work, just sends data socket.end(); //error });
How do I end a socket connection? (The connect then disconnect above is for testing)
Share Improve this question asked Sep 20, 2011 at 23:25 DerekDerek 12.4k31 gold badges106 silver badges166 bronze badges 1- how are people connecting in an unauthorized fashion. I am working with socket.io and was curious to make sure the web server with socket.io is secured. – j10 Commented Dec 4, 2015 at 14:01
2 Answers
Reset to default 19Try calling:
socket.disconnect('unauthorized');
or
socket.close();
EDIT: You might be able to check the referer header. Look at Socket.io Security Issues for more info.
On the server side there is a socket.disconnect method that takes a boolean meaning close the underlying transport connection. Here's the source code with docs as of July 2010:
/**
* Disconnects this client.
*
* @param {Boolean} if `true`, closes the underlying connection
* @return {Socket} self
* @api public
*/
Socket.prototype.disconnect = function(close){
if (!this.connected) return this;
if (close) {
this.client.disconnect();
} else {
this.packet({ type: parser.DISCONNECT });
this.onclose('server namespace disconnect');
}
return this;
};
So you should call socket.disconnect(true);