HTML - WebSocket

Basic Concepts

WebSocket is a communication protocol that provides full-duplex communication channels over a single TCP connection. It lets real-time, bidirectional communication between a client (usually a web browser) and a server. The WebSocket protocol is made to be used in web browsers and servers, but it can also be used by any client or server application.

One of the main features of WebSocket is its full-duplex communication capability. Unlike traditional HTTP requests, where the client sends a request and waits for a response from the server, WebSocket lets both the client and the server send messages to each other independently at any time. This enables real-time data transfer without the need for the client to repeatedly ask the server for updates.

The WebSocket protocol is different from HTTP in several ways. While HTTP is a request-response protocol, WebSocket is a stateful protocol that keeps a persistent connection between the client and the server. HTTP connections are closed after each request-response cycle, whereas WebSocket connections stay open, allowing for continuous communication. Also, WebSocket uses a different URI scheme (ws:// for unencrypted connections and wss:// for encrypted connections) compared to HTTP's http:// and https://.

To start a WebSocket connection, the client sends an HTTP request to the server with an Upgrade header, indicating the desire to switch to the WebSocket protocol. If the server supports WebSocket, it responds with a specific Upgrade header, and the connection is upgraded from HTTP to WebSocket. Once the connection is established, both the client and the server can send messages to each other using the WebSocket protocol.

The WebSocket URI scheme is used to identify WebSocket connections. It consists of the ws:// prefix for unencrypted connections and wss:// for encrypted connections (similar to https://). The WebSocket URI follows a specific format:

Example: WebSocket URI Format



  • host is the domain name or IP address of the server
  • port is the port number (default is 80 for ws:// and 443 for wss://)
  • path is an optional path component
Feature WebSocket HTTP
Communication Full-duplex Request-response
Connection Persistent Closed after each request-response cycle
URI Scheme ws:// and wss:// http:// and https://

WebSocket provides an efficient and flexible way for real-time communication between clients and servers compared to traditional HTTP. Its full-duplex nature, persistent connections, and dedicated URI scheme make it well-suited for building responsive and interactive web applications.

WebSocket API

The WebSocket API lets web browsers communicate with a WebSocket server using JavaScript. It allows creating a WebSocket object, connecting to a server, sending and receiving messages, and handling different WebSocket events.

To create a WebSocket object, use the WebSocket constructor, which takes the WebSocket server URL as a parameter:

Example: Create a WebSocket object

const socket = new WebSocket('ws://');

Once the WebSocket object is created, you can establish a connection to the WebSocket server using the connect() method. However, the connection is automatically started when the WebSocket object is created, so calling connect() directly is not necessary.

After the connection is established, you can send messages to the server using the send() method of the WebSocket object. The message can be a string, ArrayBuffer, or Blob:

Example: Send a message to the WebSocket server

socket.send('Hello, WebSocket server!');

To receive messages from the server, you need to listen for the onmessage event. This event is triggered whenever a message is received from the server. You can access the received message through the data property of the event object:

Example: Receive messages from the server

socket.onmessage = function(event) {
  console.log('Received message:',;

When you're done with the WebSocket connection, you can close it using the close() method:

Example: Close the WebSocket connection


The WebSocket API provides several events that you can listen for to handle different stages of the connection:

Event Description
onopen Triggered when the WebSocket connection is successfully established.
onmessage Triggered when a message is received from the server.
onerror Triggered when an error occurs with the WebSocket connection.
onclose Triggered when the WebSocket connection is closed.

Example: Handle WebSocket events

socket.onopen = function(event) {
  console.log('WebSocket connection opened');

socket.onmessage = function(event) {
  console.log('Received message:',;

socket.onerror = function(event) {
  console.error('WebSocket error occurred:', event);

socket.onclose = function(event) {
  console.log('WebSocket connection closed');

By using the WebSocket API, you can create interactive web applications that communicate with a server in real-time. You can send messages to the server, receive messages from the server, and handle different connection events to build responsive and dynamic user experiences.

Server-Side Implementation

To use WebSocket in your web application, you need a server that supports the WebSocket protocol. The server-side implementation of WebSocket involves handling the WebSocket handshake, managing connections, and exchanging messages with connected clients.

WebSocket Server Requirements
Support for the WebSocket protocol (RFC 6455)
Ability to handle the WebSocket handshake and upgrade the connection from HTTP to WebSocket
Capacity to maintain persistent connections with multiple clients
Capability to send and receive messages asynchronously

Several popular programming languages and frameworks provide libraries and tools for implementing WebSocket servers. Here are a few widely used server-side WebSocket libraries:


  • Socket.IO: A powerful library that enables real-time, bidirectional, and event-based communication between the browser and the server. It provides a higher-level abstraction over WebSocket and offers additional features like automatic reconnection and multiplexing.
  • ws: A simple and lightweight WebSocket library for Node.js. It focuses on providing a pure WebSocket implementation without additional abstractions or features.


  • Flask-SocketIO: An extension for the Flask web framework that adds support for WebSocket and enables real-time communication between clients and the server. It integrates with the popular Socket.IO library and provides a user-friendly API for handling WebSocket events.
  • Tornado: A scalable, non-blocking web framework and asynchronous networking library for Python. It includes built-in support for WebSocket and allows handling WebSocket connections efficiently.


  • Java-WebSocket: A Java library that provides a WebSocket server and client implementation. It follows the WebSocket protocol specification and offers a simple and intuitive API for building WebSocket applications.
  • Jetty: A popular Java web server and servlet container that includes support for WebSocket. It provides a WebSocket API and allows integrating WebSocket functionality into Java web applications.

To set up a basic WebSocket server, you need to choose a server-side technology and library that fits your requirements and programming language preferences.

Example: Setting up a WebSocket Server using Node.js and the 'ws' library

const WebSocket = require('ws');

const server = new WebSocket.Server({ port: 8080 });

server.on('connection', (socket) => {
  console.log('Client connected');

  socket.on('message', (message) => {
    console.log(`Received message: ${message}`);
    socket.send(`Server received: ${message}`);

  socket.on('close', () => {
    console.log('Client disconnected');

By implementing a WebSocket server, you can handle incoming connections, receive messages from clients, and send messages back to them in real-time. The specific implementation details may vary depending on the chosen server-side technology and library, but the general principles remain the same.

Remember to handle WebSocket connection events, such as connection, message, and close, to properly manage the lifecycle of WebSocket connections and respond to client interactions.

Client-Side Implementation

To implement WebSocket communication on the client-side, you can use the JavaScript WebSocket API. This API lets you establish a WebSocket connection, handle events, send and receive messages, and close the connection.

To establish a WebSocket connection, you first need to create a new WebSocket object by providing the WebSocket server URL:

Example: Creating a WebSocket Connection

const socket = new WebSocket('ws://localhost:8080');

Once the WebSocket object is created, you can handle various events using the following event handlers:

Event Handler Description
onopen Triggered when the WebSocket connection is established.
onmessage Triggered when a message is received from the server.
onerror Triggered when an error occurs with the WebSocket connection.
onclose Triggered when the WebSocket connection is closed.

Example: Handling WebSocket Events

socket.onopen = function(event) {
  console.log('WebSocket connection established');

socket.onmessage = function(event) {
  console.log('Received message:',;

socket.onerror = function(event) {
  console.error('WebSocket error occurred:', event);

socket.onclose = function(event) {
  console.log('WebSocket connection closed');

To send messages to the server, you can use the send() method of the WebSocket object. The message can be a string, ArrayBuffer, or Blob:

Example: Sending a Message

socket.send('Hello, WebSocket server!');

When the server sends a message to the client, the onmessage event is triggered, and you can access the received message through the data property of the event object:

Example: Receiving a Message

socket.onmessage = function(event) {
  console.log('Received message:',;

To close the WebSocket connection, you can call the close() method on the WebSocket object:

Example: Closing the WebSocket Connection


When the connection is closed, either by the client or the server, the onclose event is triggered, allowing you to perform any necessary cleanup or handle the connection closure.

Complete WebSocket Client Example

<!DOCTYPE html>
  <title>WebSocket Client Example</title>
    const socket = new WebSocket('ws://localhost:8080');

    socket.onopen = function(event) {
      console.log('WebSocket connection established');
      socket.send('Hello, WebSocket server!');

    socket.onmessage = function(event) {
      console.log('Received message:',;

    socket.onerror = function(event) {
      console.error('WebSocket error occurred:', event);

    socket.onclose = function(event) {
      console.log('WebSocket connection closed');

WebSocket Security

When using WebSocket for real-time communication, it's important to think about security to protect your application and users from potential vulnerabilities. WebSocket introduces some security considerations that need to be addressed.

One of the basic security mechanisms in WebSocket is the origin-based security model. WebSocket servers should check the origin of incoming connections to make sure they come from trusted sources. Browsers send the Origin header during the WebSocket handshake, and servers can check this header to allow or deny connections based on the origin. This helps prevent unauthorized access to WebSocket resources from different domains.

To further improve security, WebSocket supports the use of the secure WebSocket protocol (wss://). Similar to HTTPS, wss:// encrypts the WebSocket communication using SSL/TLS. This protects the data sent between the client and the server from eavesdropping and tampering. When dealing with sensitive information or authentication, it's recommended to use wss:// to establish a secure WebSocket connection.

Authentication and authorization are important aspects of WebSocket security. WebSocket connections should be authenticated to make sure only authorized users can access the WebSocket resources. This can be done by implementing authentication mechanisms such as token-based authentication or session-based authentication. Upon successful authentication, the server can associate the WebSocket connection with the authenticated user and perform authorization checks to control access to specific resources or actions.

Cross-site WebSocket hijacking (CSWSH) is a security vulnerability that lets attackers access WebSocket connections from a different domain. To prevent CSWSH, WebSocket servers should implement proper origin validation and only allow connections from trusted origins. Using secure cookies (with the Secure and HttpOnly flags) for authentication can help reduce the risk of cookie theft and unauthorized access to WebSocket connections.

Best Practices for Securing WebSocket Connections
Use the secure WebSocket protocol (wss://) for encrypted communication.
Validate the Origin header to allow connections only from trusted domains.
Implement strong authentication and authorization mechanisms.
Use secure cookies for authentication to prevent cookie theft.
Validate and sanitize user input to prevent injection attacks.
Keep WebSocket libraries and server software up to date with the latest security patches.
Implement rate limiting and connection throttling to protect against denial-of-service attacks.
Monitor and log WebSocket activity for security auditing and incident response.

Use Cases and Examples

WebSocket has a wide range of applications and use cases where real-time communication is essential. Let's look at some common examples where WebSocket shines:

Real-time Chat Applications: WebSocket is a good fit for building real-time chat applications. With WebSocket, you can create chat rooms where multiple users can send and receive messages instantly. When a user sends a message, the server can broadcast it to all connected clients in real-time, allowing for seamless and interactive communication. WebSocket enables features like typing indicators, online presence, and real-time message delivery, making chat applications responsive and engaging.

Live Updates and Notifications: WebSocket is ideal for delivering live updates and notifications to users.

Live Updates Example

// Server-side example
wss.on('connection', function (ws) {
  ws.send('Welcome to the real-time notification service!');

In a social media application, when a user receives a new message, like, or comment, the server can send a real-time notification to the user's browser using WebSocket.

This allows for instant updates without the need for manual page refreshes. Similarly, in a news or sports website, WebSocket can be used to provide real-time updates on breaking news, scores, or stock prices, keeping users informed and engaged.

Collaborative Editing and Whiteboarding: WebSocket enables collaborative editing and whiteboarding applications where multiple users can work together in real-time.

Collaborative Editing Example

socket.on('documentChange', function (data) {

When a user makes changes to a document or draws on a virtual whiteboard, the server can instantly send those changes to all connected clients.

This allows for seamless collaboration, as users can see each other's modifications in real-time. WebSocket provides a low-latency communication channel, making collaborative editing smooth and responsive.

Multiplayer Games: WebSocket is widely used in multiplayer gaming applications. It allows real-time interaction between players, enabling features like player movements, game state synchronization, and in-game chat.

Multiplayer Games Example

// Player movement example
socket.on('move', function (data) {

Players can send their actions to the server, and the server can broadcast the updated game state to all connected players instantly.

This creates a responsive and immersive gaming experience, as players can see each other's actions and interact in real-time.

Real-time Data Visualization: WebSocket is useful for real-time data visualization applications, such as dashboards, monitoring systems, or financial trading platforms.

Real-time Data Visualization Example

// Real-time data update example
socket.on('dataUpdate', function (data) {

When new data becomes available on the server, it can be instantly pushed to the connected clients using WebSocket.

This allows for real-time updates of charts, graphs, and other visual representations without needing manual refreshes. WebSocket enables smooth and continuous data streaming, making data visualization applications more dynamic and interactive.

These are just a few examples of how WebSocket can be applied in different domains. The real-time nature of WebSocket communication opens up possibilities for a wide range of interactive and engaging applications. Whether it is enabling instant messaging, providing live updates, facilitating collaboration, or creating immersive gaming experiences, WebSocket offers a powerful tool for building responsive and dynamic web applications.

Browser Support and Fallback

WebSocket is supported by modern web browsers, including Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Edge, and Internet Explorer 11. However, you should consider browser support and provide fallback options for older browsers that may not have WebSocket support.

To check if a browser supports WebSocket, you can use the window.WebSocket property. If the property exists, it means the browser supports WebSocket:

Example: Checking WebSocket Support

if (window.WebSocket) {
  console.log('WebSocket is supported');
  // Proceed with WebSocket connection
} else {
  console.log('WebSocket is not supported');
  // Fallback to alternative communication methods

If a browser does not support WebSocket, you can provide fallback options to enable real-time communication using alternative techniques. Two common fallback approaches are:

Approach Description
Long-polling The client sends a request to the server and keeps the connection open until the server has new data to send. Once the server sends the data, the connection is closed, and the client immediately sends another request to the server, starting the process again. This creates a continuous loop of requests and responses, simulating real-time communication.
Server-sent events (SSE) Server-sent events allow the server to push data to the client using a unidirectional connection. The client establishes a connection to the server using the EventSource API, and the server can send events to the client whenever new data is available. SSE is supported by most modern browsers and provides a simple way to receive real-time updates from the server.

When implementing fallback options, you should consider graceful degradation strategies. Graceful degradation means providing a fallback experience that is still functional and usable, even if it may not have all the features or performance of the primary WebSocket-based implementation.

Example: Graceful Degradation with Fallback Options

if (window.WebSocket) {
  // Establish WebSocket connection
  const socket = new WebSocket('ws://localhost:8080');
  // WebSocket-specific code
} else if (window.EventSource) {
  // Fallback to server-sent events
  const eventSource = new EventSource('/events');
  // Server-sent events-specific code
} else {
  // Fallback to long-polling
  setInterval(function() {
    // Send long-polling request to server
    // Handle server response
  }, 5000);

By providing fallback options and implementing graceful degradation, you can make sure your application works on a wider range of browsers and offers a usable experience even in the absence of WebSocket support. However, it's worth noting that fallback options may not provide the same level of performance and responsiveness as WebSocket, so it's still recommended to use WebSocket whenever possible.