I'm doing an online game (not real time), and decided to use websockets to do the communication between the client and the server (nodejs).
Besides using wss over ws, how do I handle security? What can I do to authenticate a message over the channel?
I've read about using access_tokens, but I can't set cookies or headers in construct so I'd have to pass it alongside the actual data, right? websocket.send([token]|[data])
So when the client connects to the server, the server responds with the token so the client can send it on the next messages.
But someone listening to these messages can just grab the token and use it for themselves, no?
Does anyone have any hints, tips, articles I could check?
Thanks in advance
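
The [token]|[data] framing described in the question, as an added Node.js example that is not part of the original post: the server ties each token to one connection, so a token copied onto another connection is rejected. The function names, connection ids and in-memory session table are assumptions, and the frames are assumed to travel over wss, which is what keeps the token from being read in transit.

```javascript
// Added example: per-connection token check for "token|data" frames.
const nodeCrypto = require("node:crypto");

// Hypothetical in-memory session table: connection id -> token bytes.
const sessions = new Map();

// Call after the wss connection is up and the player is identified.
function issueToken(connId) {
  const token = nodeCrypto.randomBytes(32);
  sessions.set(connId, token);
  return token.toString("base64url"); // alphabet never contains "|"
}

// Drop the token when the socket closes so it cannot be reused later.
function closeConnection(connId) {
  sessions.delete(connId);
}

// Split at the first "|" only, so the data part may itself contain "|".
function parseFrame(frame) {
  const i = typeof frame === "string" ? frame.indexOf("|") : -1;
  if (i <= 0) return null;
  return { token: frame.slice(0, i), data: frame.slice(i + 1) };
}

function handleFrame(connId, frame) {
  const parsed = parseFrame(frame);
  const expected = sessions.get(connId);
  if (!parsed || !expected) return { ok: false, reason: "malformed frame or no session" };
  const presented = Buffer.from(parsed.token, "base64url");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (presented.length !== expected.length ||
      !nodeCrypto.timingSafeEqual(presented, expected)) {
    return { ok: false, reason: "bad token" };
  }
  return { ok: true, data: parsed.data };
}

// Constructed sample run: a token copied from connection A fails on B.
const tokenA = issueToken("conn-A");
issueToken("conn-B");
console.log(handleFrame("conn-A", `${tokenA}|{"move":"e2e4"}`));
console.log(handleFrame("conn-B", `${tokenA}|{"move":"e2e4"}`));
```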