0

So I have 2 pages: a chat page, which runs on Node.js and Socket.io (WebSockets), and a main page where the user logs in, etc. I want to make it so that when the user logs in on the main page, it validates the details, then stores the user ID in the session and goes into the chat, where he's identified by his user ID.

Oh yeah, and user accounts are stored in MySQL.

2 Answers

1

You can parse PHP (file-based) sessions from node with a module like groan. However, a better solution is probably to use a better session store such as redis. An example of sharing sessions between node and PHP using redis can be found here.


0

Okay. The cookie mechanism was created to communicate with different environments. Let's use it.

PHP:

Validate the user data, save it into the DB, and then save the id to cookies.

NodeJS:

Read that id from the cookies and get the data from the DB (MySQL provider for Node.js).

2 Comments

I had that approach in mind, but what stops a user from modifying the cookie, setting the ID to another user's and using his personality to chat?
Then you need a more advanced way -- tokens. Set an ID and a token (a sha1 hash, for example). Store both of these in the DB and then try to find an entry equal to them. A hacker would have to use a brute-force attack (not dangerous) to hack this. You can even add an expiry time for tokens.
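
The token scheme from the second answer and its comments, as an added example that is not code from either answer: the login side issues a random token bound to the user ID, and the chat side resolves the cookie back to that ID, so an edited ID cookie is rejected. Assumptions: an in-memory Map stands in for the MySQL table, the cookie names `uid` and `chat_token` are hypothetical, and a 32-byte random token stored as a SHA-256 hash is used in place of the sha1 hash the comment mentions.

```javascript
const crypto = require("node:crypto");

// Stand-in for a MySQL table chat_tokens(token_hash, user_id, expires_at).
// The table and the cookie names uid / chat_token are hypothetical.
const tokenTable = new Map();
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

// Login side (PHP on this page, shown in JS here): call after the password
// check succeeds. Only the hash is stored, so a leaked table yields no tokens.
function issueToken(userId, ttlMs, now = Date.now()) {
  const token = crypto.randomBytes(32).toString("hex"); // 256 bits, CSPRNG
  tokenTable.set(sha256(token), { userId, expiresAt: now + ttlMs });
  return token; // send as cookies: uid=<userId>; chat_token=<token>
}

function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Chat side: with Socket.io the header is socket.handshake.headers.cookie.
// Returns the user ID bound to the token, or null if anything fails to match.
function userFromCookie(header, now = Date.now()) {
  const { uid, chat_token: token } = parseCookies(header);
  if (!uid || !/^[0-9a-f]{64}$/.test(token || "")) return null;
  const key = sha256(token);
  const row = tokenTable.get(key);
  if (!row) return null; // unknown or guessed token
  if (row.expiresAt <= now) { // expired: drop the row, reject
    tokenTable.delete(key);
    return null;
  }
  // The ID comes from the stored row; an edited uid cookie simply mismatches.
  return String(row.userId) === uid ? row.userId : null;
}
```

Setting the cookies with the `HttpOnly` and `Secure` attributes keeps the token out of page scripts and off plaintext connections.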
