You're browsing the documentation for v3.x. For v4.x, click here.

The Socket instance (server-side)


The Socket instance has a few attributes that may be of use in your application:


Each new connection is assigned a random 20-characters identifier.

This identifier is synced with the value on the client-side.

// server-side
io.on("connection", (socket) => {
console.log(; // ojIckSD2jqNzOqIrAGzL

// client-side
socket.on("connect", () => {
console.log(; // ojIckSD2jqNzOqIrAGzL

Upon creation, the Socket joins the room identified by its own id, which means you can use it for private messaging:

io.on("connection", socket => {
socket.on("private message", (anotherSocketId, msg) => {"private message",, msg);

Note: you can’t overwrite this identifier, as it is used in several parts of the Socket.IO codebase.


This object contains some details about the handshake that happens at the beginning of the Socket.IO session.

headers: /* the headers of the initial request */
query: /* the query params of the initial request */
auth: /* the authentication payload */
time: /* the date of creation (as string) */
issued: /* the date of creation (unix timestamp) */
url: /* the request URL string */
address: /* the ip of the client */
xdomain: /* whether the connection is cross-domain */
secure: /* whether the connection is secure */


"headers": {
"user-agent": "xxxx",
"accept": "*/*",
"host": "",
"connection": "close"
"query": {
"EIO": "4",
"transport": "polling",
"t": "NNjNltH"
"auth": {
"token": "123"
"time": "Sun Nov 22 2020 01:33:46 GMT+0100 (Central European Standard Time)",
"issued": 1606005226969,
"url": "/",
"address": "::ffff:",
"xdomain": false,
"secure": true


This is a reference to the rooms the Socket is currently in.

io.on("connection", (socket) => {
console.log(socket.rooms); // Set { <> }
console.log(socket.rooms); // Set { <>, "room1" }

Additional attributes

As long as you do not overwrite any existing attribute, you can attach any attribute to the Socket instance and use it later:

// in a middleware
io.use(async (socket, next) => {
try {
const user = await fetchUser(socket);
socket.user = user;
} catch (e) {
next(new Error("unknown user"));

io.on("connection", (socket) => {

// in a listener
socket.on("set username", (username) => {
socket.username = username;

Socket middlewares

Those middlewares looks a lot like the usual middlewares, except that they are called for each incoming packet:

socket.use(([event, ...args], next) => {
// do something with the packet (logging, authorization, rate limiting...)
// do not forget to call next() at the end

The next method can also be called with an error object. In that case, the event will not reach the registered event handlers and an error event will be emitted instead:

io.on("connection", (socket) => {
socket.use(([event, ...args], next) => {
if (isUnauthorized(event)) {
return next(new Error("unauthorized event"));

socket.on("error", (err) => {
if (err && err.message === "unauthorized event") {

Note: this feature only exists on the server-side. For the client-side, you might be interested in catch-all listeners.


On the server-side, the Socket instance emits two special events:


This event is fired by the Socket instance upon disconnection.

io.on("connection", (socket) => {
socket.on("disconnect", (reason) => {
// ...

Here is the list of possible reasons:

Reason Description
server namespace disconnect The socket was forcefully disconnected with socket.disconnect()
client namespace disconnect The client has manually disconnected the socket using socket.disconnect()
server shutting down The server is, well, shutting down
ping timeout The client did not send a PONG packet in the pingTimeout delay
transport close The connection was closed (example: the user has lost connection, or the network was changed from WiFi to 4G)
transport error The connection has encountered an error


This event is similar to disconnect but is fired a bit earlier, when the Socket#rooms set is not empty yet

io.on("connection", (socket) => {
socket.on("disconnecting", (reason) => {
for (const room of socket.rooms) {
if (room !== {"user has left",;

Note: those events, along with connect, connect_error, newListener and removeListener, are special events that shouldn’t be used in your application:

// BAD, will throw an error

Complete API

The complete API exposed by the Socket instance can be found here.

Caught a mistake? Edit this page on GitHub