Session data in AuthMiddlewareStack

[flabbyThoroughbred]

Hi,

I'm using OpenId Connect to authenticate users and I want to ensure that socket connections are coming from an authenticated user.

It appears that AuthMiddleware layer does find a session but as its passed up the stack through SessionMiddleware and Cookiemiddleware the session does not persist.
Is this intended? In order to confirm the user I need to verify the oidc key that is in the session data.

The other alternative is to confirm in the consumer accept method. Is there a downside to handling connection authenticity in the consumer's accept?

Thanks!