madness; brought to you by connect, express, passport, and socket.io.

gistfile1.js

io.configure(function () {
	io.set('authorization', function (data, accept) {
		if (data.headers.cookie) {
			cookieParser(data.headers.cookie, function(err, c) {
				if(err) accept('cookie parse failure: ' + err, false)
				data.cookie = c.cookies || {}
				data.signedCookie = c.signedCookies || {}
				data.sessionID = data.cookie[cookieKey] || data.signedCookie[cookieKey] || null
				if(!data.sessionID) accept('no sid cookie', false) // bad cookie! bad!
				sessionStore.get(data.sessionID, function (err, session) {
					if (err || !session) {
						// invalid session identifier. tl;dr gtfo.
						accept('no session', false)
					} else {
						// connect makes no sense sometimes...yes, this is required for some reason.
						// socket.io and latest connect do NOT play well together...and fucking ConnectSession just doesn't want to play ball.
						for(var p in ConnectSession.prototype) {
							if(ConnectSession.prototype.hasOwnProperty(p))
								session[p] = ConnectSession.prototype[p]
						}
						session['req'] = {
							sessionStore: sessionStore,
							sessionID: data.sessionID
						}
						data.session = session
						accept(null, true)
					}
				})
			})

		}
		else {
			// no fuck you get out
			accept('no authentication cookie received', false)
		}
	})
})