I asked this question on Github socketio-jwt . 3 days later no answer, and couldnt find any answers on google either.
Is it secure enough to check token on connection? do I need to check token on every event? Eg check on every getNews event
socket.on("getNews", function(data, callback){
// check token and if valid return news via callback
});
vs
Check on connection/reconnection
io.use(function(socket, next) { // using general example not socketio-jwt
// check token and if valid proceed
});
how to know which user the particular token belongs to? One way would be to add id to payload, however, is it best practice?
I would check the token on every event, to make sure.
Yes, adding a user ID to your payload is fine-- as long as your secret stays secret.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.