When the session middleware is used inside ExpressJS, after modifying the session object, the save method is automatically called at the end of the response. However, that is not the case when using the session middleware in Socket.IO namespaces, that is why we call the save method manually to save the session back to the store. In our case, the store is the memory where the sessions are kept until the server stops.

Forbidding access to certain namespaces based on specific conditions is possible thanks to Socket.IO namespace middleware. If the control is not passed to the next handler, then the connection is not made. That's why after the login is successful, we ask the /home namespace to attempt to connect again.