Check the name in the web app?

There is a small web application, the game is written in javascript(client) and node js && socket.io (as a server). At the moment the user name goes on the client side using the XMLHttpRequest from the database(looks $_session [user_id ] is the username) but the problem is that this name can be easily faked and in fact you can send absolutely any value. Any suggestion on how can on the server side to get the name from database?Thought that you can also from the database to get the name and assign it to the socket_id, but it is not clear on what basis, because there is no longer get the $_session and not be able to find the line for "where user_id=?".
July 2nd 19 at 18:03
1 answer
July 2nd 19 at 18:05
Solution
Use JWT.

In Your case:
1. Server-generated JWT token: payload { "username": ... }
2. Instead of passing username token
3. On the server check and get the token from the username.

Find more questions by tags SocketsNode.jsJavaScript