User authentication in tornado websocket application

Question

Now, i improve my tornado skills and have a question about user auth.

And my solution is create secure token on first page and next send it with other data, from javascr

Answer 1

I suggest you read the overview section in the documentation.

There should be some relevant content there:

• Cookies and secure cookies
• User Authentication
• Third Party Authentication

EDIT

I just realized your question is about websockets. I believe you can use the approach you outline:

• Create a cookie in the non-websocket part of your app
• Check the cookie in the websocket handler

You should be able to access the request headers inside the websocket handler using self.request.headers.