Fixed socket session secure might not apply properly

Author: jackycute

lib/realtime.js

@@ -42,22 +42,25 @@ function onAuthorizeFail(data, message, error, accept) {
     accept(); //accept whether authorize or not to allow anonymous usage
 }
 
+//secure the origin by the cookie
 function secure(socket, next) {
     try {
         var handshakeData = socket.request;
         if (handshakeData.headers.cookie) {
             handshakeData.cookie = cookie.parse(handshakeData.headers.cookie);
             handshakeData.sessionID = cookieParser.signedCookie(handshakeData.cookie[config.sessionname], config.sessionsecret);
-            if (handshakeData.cookie[config.sessionname] == handshakeData.sessionID) {
+            if (handshakeData.sessionID &&
+                handshakeData.cookie[config.sessionname] &&
+                handshakeData.cookie[config.sessionname] != handshakeData.sessionID) {
+                if (config.debug)
+                    logger.info("AUTH success cookie: " + handshakeData.sessionID);
+                return next();
+            } else {
                 next(new Error('AUTH failed: Cookie is invalid.'));
             }
         } else {
             next(new Error('AUTH failed: No cookie transmitted.'));
         }
-        if (config.debug)
-            logger.info("AUTH success cookie: " + handshakeData.sessionID);
-
-        next();
     } catch (ex) {
         next(new Error("AUTH failed:" + JSON.stringify(ex)));
     }