Preventing Direct Room Joining and Monitoring User Leaving in Socket.IO

The client-side socket.io library does not have the ability to .join() a room. That ability is only in the server-side library (because that’s where the rooms are maintained) and thus the only place it can actually be processed.

So, the only way to join a room is to make your own message for a join request from client to server and process that message on the server on behalf of a given client which enables you to do any sort of checking you want before any client can join a particular room. As such, you should be safe the way you’re already doing it.


Similarly, there are only two ways that a client leaves a room. The first is when you process your own message and call .leave() server-side so you can certainly monitor any time that happens since it’s your own server-side code calling .leave(). The other way a client leaves a room is when the client disconnects and you can also monitor for disconnects in the server. Like with .join(), the client cannot call .leave() directly so you don’t have to worry about that.

Leave a Reply

Your email address will not be published. Required fields are marked *