Websocket Validation

Hello,

I use nginx as a proxy, and establish a webscoket between client and
backend.I validate user’s cookies before establish WS and when WS is in
use I validate cookies on backend periodically.

With this set up in place when a user’s cookie expires , an
established
WS will remain in use until next validation check on backend happens.

How I can fix this?

Thanks,
Vikrant

On Tue, May 17, 2016 at 10:33:24AM -0700, vikrant singh wrote:

Hi there,

I use nginx as a proxy, and establish a webscoket between client and
backend.I validate user’s cookies before establish WS and when WS is in
use I validate cookies on backend periodically.

With this set up in place when a user’s cookie expires , an established
WS will remain in use until next validation check on backend happens.

The nginx model is more or less: establish the websocket connection and
treat it as an opaque tunnel.

How I can fix this?

Once the connection is established, you do your own control.

Possibly doing the backend validation check more frequently will help?
Or
whatever it is that decides that the cookie has expired, could let the
backend know to close the connection now (or could invite the backend
to do a validation check now)?

f

Francis D. [email protected]