Reputation: 870
Session Management on Raw Socket
I am using a product from a company (I don't want to mention any specifics for right now) that exposes an interface where you can open a socket (over SSL/TLS or plaintext if you wish to configure it that way) and then issue commands to the product. You have to authenticate before issuing the commands but one way to authenticate is via username/password. I noticed that after you do the username/password authentication you don't have to provide any session identifier and you no longer have to provide the username/password. What I don't get is how the product knows that I am authenticated afterwards. Is there some equivalent of a cookie that is being passed forward when I do raw socket communication that I am not aware of? Keep in mind that these are not HTTP requests but rather raw sockets like this.
Upvotes: 0
Views: 152
Answers (1)
Reputation: 123461
First, you are not doing raw sockets but you are doing just a normal TCP connection (INET/INET6 socket with type SOCK_STREAM), maybe with some SSL/TLS on top. Contrary to HTTP a TCP connection is stateful already and thus you does not need some kind of cookie to maintain a state between different commands, as long as all these command are issued inside the same TCP connection. Once the TCP connection is finished (i.e. closed) the state is lost which means the next time you connect the authentication must be done again.
Upvotes: 1
Related Questions
- Assign session specific data to a socket
- Managing sessions in node.js, with socket.io & without using cookies
- NodeJS - Access sessions inside socket
- PHP Sockets - Store User login
- Safe authentication with node.js and session.socket.io?
- How to handle client-sessions in socket.io
- php session management in socket services
- Node.js TCP socket sessions
- Socket Sessions For Persistent Connections
- .NET TCP socket with session