Socket.io: 2.x and 1.x compatibility

+1

Is there no way the 2.x client/server can detect they are connected to a 1.x server/client and use the old protocol? I'm in this same boat; I have thousands of clients connecting to my socket.io server, and they're all 1.x, so there's no easy way for me to upgrade to 2.x. I could perhaps spin up a second socket.io server on a different hostname and have my old clients connect to the old one and my new clients connect to my new one, but that sounds like a lot of work for something that should be handled by the library. :P

It does worry me that no one cares to comment. I realise that people might think there is some sort of liability associated, but a "sounds right, but can't commit" would be good.

In my case I went ahead and there were no problems, so I would imagine the only way to find out is to test it yourself. In my case everything worked fine, but it would make me sleep better at night if someone dared to answer my original question.

It's becoming a more pressing problem, too, as the highest socket 1.x
depends on libraries that are being tagged by nsp as having security
vulnerabilites.

On Oct 14, 2017 14:02, "niallel" notifications@github.com wrote:

It does worry me that no one cares to comment. I realise that people might
think there is some sort of liability associated, but a "sounds right, but
can't commit" would be good.

In my case I went ahead and there were no problems, so I would imagine the
only way to find out is to test it yourself. In my case everything worked
fine, but it would make me sleep better at night if someone dared to answer
my original question.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/socketio/socket.io/issues/3007#issuecomment-336652626,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABsF-zaEUlaF5op3yyIaVKD2jm0Hx2V7ks5ssPctgaJpZM4OZHX0
.

Hi guys,
Same problem here. I've posted a question on SO, no answers (except my self-answer after testing).
I find it very strange that the socket.io devs are so careless about breaking compatibility and even documenting exactly what's broken or not, and how to cope. A lot of people are using that lib, right ?

@IlyaDiallo please see the release note: https://github.com/socketio/socket.io/releases/tag/2.0.0

The release note contains the following breaking changes:

• a breaking change related to utf-8 encoding in engine.io-parser (socketio/engine.io-parser#81)

As described in the pull request, strings were utf8-encoded twice when using polling transport, which caused issues with other client implementations. Basically, your application is concerned if you use strings where utf8.encode(utf8.encode(s)) != utf8.encode(s).

So, unless you only use websocket transport, or basic ASCII characters, that's an incompatible change.

• an update to make the socket id on the client match the id on the server-side (socketio/socket.io-client#1058)

Example:

let client = io();
let adminClient = io('/admin');

client.on('connect', () => console.log(this.id)); // 6em3d4TJP8Et9EMNAAAA
adminClient.on('connect', () => console.log(this.id)); // /admin#6em3d4TJP8Et9EMNAAAA
// 1.x
adminClient.on('connect', () => console.log(this.id)); // 6em3d4TJP8Et9EMNAAAA

Thats great, confirms what I had tested.

@darrachequesne I've read the release notes. They're not giving explicitly the informations that you are giving here, i.e. it only (partly) breaks polling transport, so you can mix 1.x and 2.0 versions with websocket transport (which is the protocol used in the vast majority of cases). I'd say that's important enough to be mentioned in the release notes.
For the #1058 issue, just to be sure, the question was:

So again I imagine if you are using the default namespace it works fine (again seems to).
Is this correct as well?

So that's correct, it only affects non-default namespaces ? And in that case, what are the symptoms ?

@IlyaDiallo It sounds like the namespace is now incorporated into the client socket's id. So if you don't rely on that id, it won't affect you.

@jwalton a you sure ? If it's only that (i.e. id is not used internally), that seems like a pretty weak incompatibility. More like "compatible with caveat" than a blunt "not compatible" statement.

@IlyaDiallo This is the PR: https://github.com/socketio/socket.io-client/pull/1058/files.

@jwalton I've seen the PR but I'm not familiar with the internals of socket.io, so I can't easily translate it to a yes/no response to the question "is the change affecting socket.io internally or is it only affecting users relying on the id being equal or not". And NB it's also related to #959 #2405 and #2509.
My point is that the exact compatibility issues could be much more easily and reliably documented by the people making the change than by others unfamiliar with the affected code.

I too am unfamiliar with the code, so take my assertions with an appropriate grain of salt. :) But AFAIK, yes, it's just that the ID changed. The half of it with the polling transport is much more worrisome.

The half of it with the polling transport is much more worrisome.

Depends. The default behavior of the client is to switch to websocket if available, and it should be available in nearly all cases. Maybe you could check that server side by tracking the clients that are actually using polling ?

@IlyaDiallo fair enough, the documentation could be improved!

So that's correct, it only affects non-default namespaces ? And in that case, what are the symptoms ?

Yes, only non-default namespaces, for which the socket id is now <namespace>#<connection id> (it was only <connection id> previously), in order to match the id on the server-side. There may be an impact if socket id are used for private messaging for example (socket.to(<other id>).emit()).

@darrachequesne thanks for the confirmation. So that incompatibility only affects the (small ?) subset of users using non-default namespaces + using connection id in their code to send messages. If that was clarified in the release notes it would help a lot of people I think.
Same thing for the other issue (double-encoding), but it's dicier because the client behavior might vary (for instance a proxy blocking websocket protocol). Beside documenting the issue, the best would be as @jwalton suggested that the server detects 1.x client and double-encodes for them, I don't know if it's feasible...?

Hi there, is there any response to @IlyaDiallo question? Seem like very rational backward compatibility solution especially when there is no an easy way to update all clients.

we have implemented this at opensooq and the solution is open-sourced here

https://github.com/OpenSooq/socketio_repeater/

read our blog post

https://engineering.opensooq.com/running-the-incompatible-socket-io-versions-at-the-same-time-is-making-the-impossible-possible/

Even after having upgraded my server to v2, although the majority of my clients are also on v2, there are still several who are running v1. I've identified that those clients always seem to be in polling mode and never switch to WebSocket mode, which is causing a lot of unnecessary traffic on my server. My workaround was to change the socket.io path to a custom /v2-socket.io, such that the old clients start getting 404s and don't slow down my server for everyone else.