by z3t4 1617 days ago
If I understand correctly, websockets is a thin layer on TCP that does buffer data so that the application gets the whole message instead of chunks. I recommend using wss to secure the websocket so that it can't be hijacked, then you don't need to send a token in each message and can do an application layer handshake once. Basically the first websocket message from the client would be an authentication message with a password, token or whatnot.
1 comments

Yeah this is the technique I've also used.

The first websocket message is the original request, which will have the user's cookies / headers where your session information / bearer token should live.
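
A server-side sketch of the one-time application-layer handshake discussed in this thread, added here as an example and not code from either commenter. It is transport-agnostic: the `Session` class, the JSON message shape, the `TOKENS` store and the five-second deadline are all assumptions made for illustration.

```python
import hmac
import json
import time

# Constructed sample store, token -> user (an assumption, not from the thread).
TOKENS = {"s3cr3t-token-alice": "alice"}
AUTH_DEADLINE_S = 5.0     # hypothetical time limit for the first message
POLICY_VIOLATION = 1008   # WebSocket close code defined in RFC 6455


class Session:
    """Per-connection state: nothing is accepted until the first message authenticates."""

    def __init__(self, secure, now=time.monotonic):
        self.secure = secure      # True when the socket was opened over wss (TLS)
        self.now = now
        self.opened = now()
        self.user = None
        self.closed = False

    def _close(self):
        self.closed = True        # a real server would also drop the socket here
        return ("close", POLICY_VIOLATION)

    def _lookup(self, token):
        # Constant-time comparison against every stored token.
        supplied = token.encode("utf-8", "replace")
        hits = [user for known, user in TOKENS.items()
                if hmac.compare_digest(known.encode(), supplied)]
        return hits[0] if hits else None

    def on_message(self, raw):
        """Return ("auth_ok", user), ("ok", message) or ("close", code)."""
        if self.closed or not self.secure:
            return self._close()  # over plain ws the token would travel in clear
        try:
            msg = json.loads(raw)
        except ValueError:
            return self._close()
        if not isinstance(msg, dict):
            return self._close()
        if self.user is not None:
            return ("ok", msg)    # later messages carry no token
        token = msg.get("token")
        late = self.now() - self.opened > AUTH_DEADLINE_S
        if late or msg.get("type") != "auth" or not isinstance(token, str):
            return self._close()
        self.user = self._lookup(token)
        return ("auth_ok", self.user) if self.user else self._close()
```

Create one `Session` per accepted connection and pass every incoming text frame to `on_message`; a `("close", 1008)` result means the connection should be terminated rather than retried.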