There are many articles on the Internet about WebSocket, which is fast and wonderful, but I have not found information anywhere on how to make the connection secure.

Suppose we have a client (browser), a web server (PHP) and a WS server (Ratchet | Golang | Node.js). How can the three of them interact, in the simplest way, so that only authenticated users (on the web server) have access to the WS server? Thinking out loud:

  • generate a unique persistent id on the web server
  • transfer it to the client
  • from the client, pass it as a GET parameter (is that bad? if so, how to fix it) to the WS server
  • from the WS server, ask the web server to check for the existence of such an id?

Perhaps the order is not correct, please tell me the correct one. In general, I will be glad to hear any comment and suggestion about this.

  • Comments are not intended for extended discussion; conversation moved to chat. - Yuriy SPb

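Added example, not part of the original post: the four steps sketched in the question, written for Node.js, with the web server and the WS server as two groups of functions in one file. It assumes the id is a short-lived, single-use ticket rather than a persistent one (a GET parameter tends to end up in access logs), and that the Origin header is checked during the upgrade; the function names, the TTL and the `example.test` hosts are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// --- Web server side (stands in for the PHP application) ---
const TICKET_TTL_MS = 30000;            // assumed lifetime: just long enough to open the socket
const tickets = new Map();              // sha256(ticket) -> { userId, expires }

const digest = (t) => crypto.createHash("sha256").update(t).digest("hex");

// Step 1 and 2: called only for a request that already carries a valid login session.
function issueTicket(userId, now = Date.now()) {
  const ticket = crypto.randomBytes(32).toString("hex");
  tickets.set(digest(ticket), { userId, expires: now + TICKET_TTL_MS });
  return ticket;                        // returned to the browser over HTTPS
}

// Step 4: internal check used by the WS server. The ticket is deleted on the
// first lookup, so a value copied from a log or a proxy cannot be replayed.
function redeemTicket(ticket, now = Date.now()) {
  const key = digest(String(ticket));
  const entry = tickets.get(key);
  tickets.delete(key);
  if (!entry || entry.expires < now) return null;
  return entry.userId;
}

// --- WS server side: decision taken on the HTTP upgrade request ---
const ALLOWED_ORIGIN = "https://app.example.test";   // constructed value

// Step 3: the browser connects to wss://.../chat?ticket=<value>.
function authorizeUpgrade(requestUrl, originHeader, now = Date.now()) {
  if (originHeader !== ALLOWED_ORIGIN) return { ok: false, reason: "origin" };
  const url = new URL(requestUrl, "wss://ws.example.test");
  const ticket = url.searchParams.get("ticket");
  if (!ticket) return { ok: false, reason: "missing" };
  const userId = redeemTicket(ticket, now);  // across processes: an internal call to the web server
  return userId ? { ok: true, userId } : { ok: false, reason: "invalid" };
}
```

The WS server would call `authorizeUpgrade` before accepting the handshake and attach the returned `userId` to the connection; both hops (browser to web server, browser to WS server) are assumed to run over TLS.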