[Vuejs]-How to authenticate Socket.IO connection with httpOnly cookie

0👍

This is how I’m using it in socket.io 4.4 with HTTPOnly cookies:

For client->server cookie transport: socket.request.headers.cookie contains the cookies that were present in the browser at the time the connection was established (when using the websocket transport). If your session cookie changes during a session (e.g. due to session ID rotation), your client has to reconnect to force it to send the latest cookies. Make sure any in-progress messages finish before reconnecting.

For server->client cookie transport: This cannot be done through socket.io, so what I do is send the client a websocket message saying that there is a new session cookie waiting, then the client sends an ajax/http query to the server, which adds the new cookie to the response, which the browser then automatically saves. After that the client reconnects as explained above, so the server can see the new cookie with subsequent WS requests.

Note that this assumes everything runs on the same site.

I have not tested whether you also need to reconnect to update the cookie if you’re using the polling transport rather than the websocket transport.
