Identify/Authenticate client on websocket

Asked

Viewed 139 times

1

I’m creating a simple server sockets in PHP, but I’m having some doubts, since this is the first time I’ve done anything like this. My doubt is how I identify the client, that is, through an authentication system, perhaps.

What I’ve tried so far:

  • Cookies
  • Hash

Server Code: https://www.codepile.net/pile/vBZP9xkq

Client code: https://www.codepile.net/pile/YlD2JDjB


Cookies

When I started creating the server, I thought no authentication system was necessary, since I have the site with login. In principle, the socket would share the same cookie and thus on the server of sockets, I would have access to the client’s session.

So you’d know that the socket X would be the client X.

But to my surprise, we headers comes a phpsessid different and as they are different, it doesn’t work.

PHPSESSID=7fo97nhaqfgir55ar17cr8c364 // No *PHP* e *JavaScript* (site)
PHPSESSID=isjbjik06p0d8srm4j1ccptj2b // No socket

Hash

It was my second approach, I added parameters to the address of socket:

  • meusocket.pt:9000/? h=123456789

But I soon realized that on the server sockets couldn’t catch anything, the headers and variable $_SERVER and $_REQUEST do not take the parameters.

Later I understood that it does not pass since it is not an http request, so it does not carry this information.


Completion

Right now I’m a little lost, I don’t know how to identify the client who enters the socket, and the only information I have is IP and this is impracticable since in the same IP may have X customers.

Can someone explain to me the correct way to authenticate in a socket?

  • This might help: https://stackoverflow.com/q/4361173/9101590

  • @Valdeirpsr I had already passed by, alias I created this topic because I do not see a form "plug and play". In this case they talk about using a sub protocol, but looking like this from the outside does not seem the correct way to be done, using a custom Protocol with the hash. There is no one who explains why I use this technique, which leaves me a little bit behind in using this solution.

1 answer

1

I have to venture into sockets with php, only worked with java. But I believe that the moment the socket is accessed you can create a thread for each client, you can even have an array with all threads. http://php.net/manual/en/class.thread.php.

  • This would be good for the management of the socket server clients, yet it maintained the same problem, relating the client who enters the socket with the clients I have on the site (database). Since the only thing I have common is the ip.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.