This project is read-only.

cookie authentication

Oct 6, 2010 at 1:12 PM

Hey,

First of all thanks for creating this software. It's a great opportunity for me to learn C#. I started on the jsonrpc fork, and was wondering whether Nugget can capture the sent cookie from the websocket handshake. I want to use it for authentication purposes for the jsonrpc example.

kind regards,

Jeroen

Oct 7, 2010 at 8:11 PM

you can get the cookie(s) from the ClientHandshake that is passed in the Connected method on the handler

Oct 8, 2010 at 8:56 AM

Thanks, i'll give it a try. Any thoughts on secure authentication? On the python websocket handler i was using, I used the session id in the cookie to setup the user object along with the transport. It works, but not so sure about security. By the way, does nugget support wss(websocket over ssl)?

Oct 9, 2010 at 11:53 AM

Security isn't really my strong side, but  the mantra: "don't trust user input", applies to cookies as well as form input. And if you are sitting on a public network, i guess the cookie could be picked up by someone else?

Nugget does not support SSL, I hope it will at some point.