i don't believe that's a problem there aren't any known vulnerabilities to this, server-side socket.io is using ID to identify websocket connections just to "know" where to emit events and from where an event was emitted.
Is passing socket.id from server to client possible security issue?
Question
I'm using node.js with socket.io. Every socket connected to server has its own socket.id
. I'm wondering if it is possible security issue if I pass socket.id
from server to clients?
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow