Expressframework~8 mins

Authentication in WebSocket connections in Express - Performance & Optimization

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Performance: Authentication in WebSocket connections

MEDIUM IMPACT

This affects the initial connection setup time and ongoing message handling responsiveness in WebSocket communication.

Authenticate users on WebSocket connection

Express

const WebSocket = require('ws');
const wss = new WebSocket.Server({
  port: 8080,
  verifyClient: (info, done) => {
    const token = extractTokenFromInfo(info);
    if (authenticate(token)) {
      done(true);
    } else {
      done(false, 401, 'Unauthorized');
    }
  }
});
wss.on('connection', function connection(ws) {
  // User is authenticated once during handshake
  ws.on('message', function incoming(message) {
    // Process message directly
  });
});

Authentication happens once during handshake, reducing CPU load and improving message responsiveness.

📈 Performance GainSingle authentication per connection, reducing INP and improving user experience.

Authenticate users on WebSocket connection

Express

const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 8080 });
wss.on('connection', function connection(ws) {
  ws.on('message', function incoming(message) {
    // Authenticate user on every message
    if (!authenticate(message.token)) {
      ws.close();
      return;
    }
    // Process message
  });
});

Authenticating on every message causes repeated CPU work and delays message processing.

📉 Performance CostBlocks message handling, increasing INP and causing slower response to user input.

Performance Comparison

Pattern	DOM Operations	Reflows	Paint Cost	Verdict
Authenticate on every message	N/A (WebSocket messages)	N/A	N/A	[X] Bad
Authenticate once during handshake	N/A (WebSocket messages)	N/A	N/A	[OK] Good

Rendering Pipeline

Authentication during WebSocket handshake happens before connection is established, avoiding delays during message processing.

→Connection Setup

→Message Handling

⚠️ BottleneckMessage Handling stage if authentication is repeated per message

Core Web Vital Affected

INP

This affects the initial connection setup time and ongoing message handling responsiveness in WebSocket communication.

Optimization Tips

1Authenticate WebSocket connections once during the handshake to avoid repeated CPU work.

2Avoid authenticating on every message to keep message handling fast and responsive.

3Use DevTools Network panel to verify authentication happens only during connection setup.

Performance Quiz - 3 Questions

Test your performance knowledge

What is the main performance benefit of authenticating WebSocket connections during the handshake instead of on every message?

AReduces CPU load by authenticating once per connection

BImproves page load speed by delaying authentication

CIncreases security by authenticating multiple times

DReduces network bandwidth by compressing tokens

DevTools: Network

How to check: Open DevTools Network panel, filter by WS connections, inspect the initial handshake request and response headers to verify authentication happens once.

What to look for: Look for authentication tokens or headers in the handshake and absence of repeated authentication in message frames.