How can I access the userid inside a webapp handler

I wanted to provide a route where that generates and downloads as csv file, but it needs to be protected

WebApp.connectHandlers.use("/my-file.csv", function(req, res, next) {
//... generate csv and stream to response

I neither can call Meteor.userId() nor this.userId is set, any ideas how to protect such a route or do I need to implement a custom login? :frowning:

See the answers given here. Iā€™m partial to my own answer because it uses dynamic keys rather than cookies, which have other security implications.

ok, thanks. I guess I will try it like that