From 1a3b3e1cdc2b56c52459e737f0a60895035223b5 Mon Sep 17 00:00:00 2001
From: Screeny <screeny05@gmail.com>
Date: Tue, 19 Nov 2013 10:52:36 +0100
Subject: [PATCH] step 2, updated readme

---
 README.md | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6beda21..c63fcb5 100644
--- a/README.md
+++ b/README.md
@@ -121,9 +121,27 @@ passportSocketIo.filterSocketsByUser(io, function(user){
 });
 ```
 
+## CORS-Workaround:
+If you happen to have to work with Cross-Origin-Requests (marked by socket.io as `handshake.xdomain`) then here's a workaround:
+
+### Clientside:
+You have to provide the session-cookie. If you haven't set a name yet, do it like this: `app.use(express.session({ key: 'your.sid-key' }));`
+```javascript
+// Note: ther's no readCookie-function built in.
+// Get your own in the internetz
+socket = io.connect('//' + window.location.host, {
+  query: 'session_id=' + readCookie('your.sid-key')
+});
+```
+
+### Serverside:
+Nope, there's nothing to do on the server side. Just be sure that the cookies names match.
+
+
 ## Notes:
 * Does **NOT** support cookie-based sessions. eg: `express.cookieSession`
-* If the connection fails, check if you are requesting from a client via CORS. Check `socket.handshake.xdomain === true` as there are no cookies sent.
+* If the connection fails, check if you are requesting from a client via CORS. Check `socket.handshake.xdomain === true` as there are no cookies sent. For a workaround look at the code above.
+
 
 ## Contribute
 You are always welcome to open an issue or provide a pull-request!