Allow cookies to be sent in XMLHttpRequest handshake; see https://github...

[chill117]

....com//issues/344

See: Issue #344

With these changes, can now send a cookie with the XHR handshake, allowing for persisting a user session.

Note about dependency upgrade:
Had to update XMLHttpRequest module to 1.6.0, to be able to disable forbidden headers in an XHR request.

[bzuillsmith]

This would be extremely helpful for testing purposes

[iliakan]

I had to patch socket.io-client to workaround that. Please let this pull request in.

[JCMais]

Is this ever going to be merged?

[hanwang85]

Is this going to be merged?

[killmenot]

+1

[ismriv]

This is extremely helpful for testing when using cookie-based authentication. Is this going to be merged at some point?

[lcultx]

+1, helpful to testing socket.io api with mocha( server-sdie testing), i do this but got auth problem taday!

[rauchg]

I'm down for merging a solution like this for the master branch

[chill117]

If anyone is upgrading to socket.io-client 1.x, which now uses engine.io-client for the connection-related heavy lifting, you'll probably want to look into passing your session cookie(s) in the query string. I just went through the upgrade process, and by far the least painful method of persisting user sessions within my integrations tests was the query string method.

To give you a better idea of how to accomplish this.. When creating the socket instance, pass the cookie in the query string like this:

var url = 'http://your-app-url'
var options = {}

url += '?cookie=' + encodeURIComponent(sessionCookie)

// Pass this flag to create a fresh socket for the integration tests.
options.forceNew = true

var socket = io(url, options)

Then on the server-side, you'll need to read the cookie variable from the query data:

// The new middleware way of doing things..
io.use(function(socket, next) {

    // The query string value will be used only if the header is not set.
    var cookie = socket.handshake.headers.cookie || socket.handshake.query.cookie

    if (!cookie)
        return next()

    // There is a cookie..
    // Perform your cookie-based user authentication here..

    // And, don't forget to call next() when you're done.

})