How to authenticate Socket.IO against PHP session id across domains

Question

I have a node/Socket.IO setup on node.mydomain.com, and a Apache/PHP stack on www.mydomain.com.

Presently I'm doing authentication with something like this:

1. Client : on connect, send a custom authorization event that includes PHPSESSID to the server
2. Server : on authorization , make a call to api.php using this cookie to get user information, send client this identity information
3. Client : can now perform actions using this identity

This is a bit kludgy since Socket.IO has a place for authentication ( On this wiki ) which I would like to use. The problem is that I don't know how to send the PHPSESSID cookie information from the client to the server. They're on different domains, so the browser doesn't include them in the request.

Any ideas?

Answer 1

I would recommend switching session handling and use Redis instead, which is also faster than the default file based session handling.

First install the Redis server . After that you add the phpredis extension to PHP by first compiling it and then configuring your php.ini to use it.

extension=redis.so
session.save_handler = redis
session.save_path = "tcp://localhost:6379/"

From Node.js you can then read these sessions using the node_redis module.