authenticating users / socket io

Question

I'm new to this, i'm building a game where users need to log in and can interact with each other, or a subset of other currently logged in users.

My initial thought is that after they login add them/their websocket client id to an array of currently logged in users and have that be what I manipulate to know who is logged in or not.

Is this a normal way to go about doing this sort of thing?

Thanks!

Answer 1

Depends on your definition of "normal". ;-)

Typically the server you use will provide some mechanism to manage "user state" including whether or not a user has logged into your application.

For example, Node's 'express' library (and 'connect' which express uses 'underneath') provides a req.session object for just this purpose so you can do things like:

// user login via POST
//   assumes we're posting two values: username and password
//   as urlencoded data

app.post('/login',function(req,res){

  var username=req.body['username']||'',
      password=req.body['password']||'';

  // check post data (username,password) 
  // against list of allowed users

  if(isAuthorized(username,password)) { // you provide isAuthorized()
    req.session.authorized=true;
  }
  else {
    // display an error message to user
    // and redirect back to the login form
  }
});

// user logout via GET
app.get('/logout',function(req.res){
  req.session.destroy();
});

Then when you want to provide protected pages to a user, first check if req.session.authorized is true and if not, redirect to a login form.

See the docs for express for more at http://expressjs.com/guide.html

Answer 2

Just found the ultimate solution here : http://www.danielbaulig.de/socket-ioexpress/

It explains how to use sessions either in express or node.js. And you can use a redisStore for persistent sessions (Ideal when you restart the server 3 times a minute :))