If you’re already doing authentication for the non-websocket part of your app, just pass the session cookie along as the first message after connecting and check the cookie as you normally would.
WARNING: It’s been pointed out that the following doesn’t work when flashsockets are used:
If you’re using socket.io, it’s even easier—the cookies are passed through automatically on connection, and can be accessed like the following:
var io = require('socket.io');
var socket = io.listen(app);
socket.on('connection', function(client){
cookies = client.headers['cookie'];
});