javascript - authenticating users / socket io -

i'm new this, i'm building game users need log in , can interact each other, or subset of other logged in users.

my initial thought after login add them/their websocket client id array of logged in users , have manipulate know logged in or not.

is normal way go doing sort of thing?

thanks!

depends on definition of "normal". ;-)

typically server use provide mechanism manage "user state" including whether or not user has logged application.

for example, node's 'express' library (and 'connect' express uses 'underneath') provides req.session object purpose can things like:

// user login via post //   assumes we're posting 2 values: username , password //   urlencoded data  app.post('/login',function(req,res){    var username=req.body['username']||'',       password=req.body['password']||'';    // check post data (username,password)    // against list of allowed users    if(isauthorized(username,password)) { // provide isauthorized()     req.session.authorized=true;   }   else {     // display error message user     // , redirect login form   } });  // user logout via app.get('/logout',function(req.res){   req.session.destroy(); }); 

then when want provide protected pages user, first check if req.session.authorized true , if not, redirect login form.

see docs express more @ http://expressjs.com/guide.html