diff --git a/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/authentication-with-socket.io.md b/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/authentication-with-socket.io.md index ce5af55213..694b3b0d7e 100644 --- a/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/authentication-with-socket.io.md +++ b/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/authentication-with-socket.io.md @@ -33,7 +33,11 @@ io.use( ); ``` -Be sure to add the `key` and `store` to the `session` middleware mounted on the app. This is necessary to tell *SocketIO* which session to relate to. +Note that configuring Passport authentication for Socket.IO is very similar to the way we configured the `session` middleware for the API. This is because they are meant to use the same authentication method — get the session id from a cookie and validate it. + +Previously, when we configured the `session` middleware, we didn't explicitly set the cookie name for session (`key`). This is because the `session` package was using the default value. Now that we've added another package which needs access to the same value from the cookies, we need to explicitly set the `key` value in both configuration objects. + +Be sure to add the `key` with the cookie name to the `session` middleware that matches the Socket.IO key. Also, add the `store` reference to the options, near where we set `saveUninitialized: true`. This is necessary to tell Socket.IO which session to relate to.