Websocket Validation

Francis Daly francis at daoine.org
Tue May 17 18:55:39 UTC 2016


On Tue, May 17, 2016 at 10:33:24AM -0700, vikrant singh wrote:

Hi there,

> I use nginx as a proxy, and establish a webscoket between client and
> backend.I validate  user's cookies before establish WS and when WS is in
> use I validate cookies on backend periodically.
> 
> With this  set up in place when a user's cookie expires ,   an established
> WS will remain in use until next validation check on backend happens.

The nginx model is more or less: establish the websocket connection and
treat it as an opaque tunnel.

> How I can fix this?

Once the connection is established, you do your own control.

Possibly doing  the backend validation check more frequently will help? Or
whatever it is that decides that the cookie has expired, could let the
backend know to close the connection now (or could invite the backend
to do a validation check now)?

	f
-- 
Francis Daly        francis at daoine.org



More information about the nginx mailing list