OK, let's dig deeper :D
1. Open Superpowers/resources/app/server/index.js and look for:
function redirectIfNoAuth(req, res, next) {
if (req.cookies["supServerAuth"] == null) {
res.redirect("/login?redirect=" + encodeURIComponent(req.originalUrl));
return;
}
next();
}
2. Now, remove the 4 first lines in the function, so that it looks like this:
function redirectIfNoAuth(req, res, next) {
next();
}
This will remove the server-side cookie check. Restart your server. Does it work?
3. Now, try logging the cookies being sent to the server:
function redirectIfNoAuth(req, res, next) {
console.log(req.cookies);
if (req.cookies["supServerAuth"] == null) {
res.redirect("/login?redirect=" + encodeURIComponent(req.originalUrl));
return;
}
next();
}
Are the cookies properly logged in the server console?
4. Now open Superpowers/resources/app/public/SupClient.js and look for:
var supServerAuth = cookies.get("supServerAuth");
var socket = io.connect(window.location.protocol + "//" + window.location.host + "/" + namespace, { transports: ["websocket"], reconnection: options.reconnection, query: { supServerAuth: supServerAuth } });
Insert a console.log call between the two lines:
var supServerAuth = cookies.get("supServerAuth");
console.log(supServerAuth);
var socket = io.connect(window.location.protocol + "//" + window.location.host + "/" + namespace, { transports: ["websocket"], reconnection: options.reconnection, query: { supServerAuth: supServerAuth } });
Open the devtools (F12). What does the Console tab say?
That should help a bit, I got other ideas if needed.