I finally find a way to make my group chat working in socket.io/Redis without having to read the session datas. I submit it here to be sure that i'm not making new mistakes.
Users can belong to n groups and a group can have n users, then i have a table with a double primary key (userid, groupid) and a hash unique column. When a create a new line in this table, i generate a unique string that i put in this column
Code:
md5(uniqid(rand(), TRUE))
and a generate a new line in the redis table with a couple
uniquehash:groupid
In a controller, create a simple function which take the session userid as parameter and return the differents unique hashs in a json., looking in the mysql table.
The client node js gets the table with a simple ajax request to this conttroller function, and send it to the node server.
The node server gets the groups id looking in the redis table.
When a user do not belong anymore to a group, i destroy the database line and the redis couple in the same time.
What do you think about it Narf, is there another security issue ?