Websockets security/authentication

  • I'm doing a online game(not real time), and decided to use websockets to do the communication between the client and the sever (nodejs).

    Besides using wss over ws, how do i handle security? what can i do to authenticate a message over the channel?

    i've read about using access_tokens, but i can't set cookies or headers in construct so i'd have to pass it along side the actual data right? websocket.send([token]|[data])

    So when the client connects to the server, the server responds with the token so the client can send it on the next messages.

    But someone listenning to these messages, can just grab the token and use it for them selfs no?

    Anyone has any hints, tips, articles i could check?

    Thanks in advance

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)