Reading HTTP headers (and cookies) over websocket

sparky · November 22, 2023, 3:34pm

I have seen some posts about headers and cookies, but I am still trying to get things working. I have a secure HttpOnly cookie on the client and I would like to read what that value is on the server. Meteor methods and events don’t seem to have access to that information.

The parameter I get (IValidateLoginAttemptCbOpts) in the calls from Accounts.validateLoginAttempt has a “connection” object, but that doesn’t have the headers either.
Is this information just not possible to get over a websocket? Or, if Meteor has abstracted this away, is there a way to get it back?
Thanks,
Mark

minhna · November 24, 2023, 9:31am

I think what you can do is creating a collection which store a pair of connection id and the secure httponly cookie.

paulishca · November 24, 2023, 12:50pm

@sparky it would help me if you could detail more of what you are trying to do.
Are you trying to do a persistent login or a login over multiple domains such as discussed here: Shared login across multiple apps ?

Or are you just trying to read a cookie and decode it on the server … for authentication?! … ok but this is pretty much what is discussed above.

In general, you can read the cookie and just send it with a method to the server.

e.g.

const getCookieToken = () => {
  const cookieName = 'your_cookie_name'

  if (document.cookie.length > 0) {
    for (const cookieKeyValue of document.cookie.split(';')) {
      const cookie = cookieKeyValue?.split('=') || []
      if (cookie.length > 1 && cookie?.[0]?.trim() === cookieName) {
        return cookie?.[1]?.trim()
      }
    }
  }
}