techpines · nullivex · Nov 5, 2013 · Nov 5, 2013
diff --git a/README.md b/README.md
@@ -81,6 +81,26 @@ Sessions work automatically, just set them up like normal using express.
 app.use(express.session({secret: 'express.io makes me happy'}));
 ```
 
+**Please note** that the SocketIO session support is given by using the SocketIO 
+authorization handler. Thus, if there is a need to implement your own authorization
+it should use the existing authorization handler and wrap it.
+
+Here is a small example of a custom handler that uses passport to validate socket
+requests except when on the login page.
+
+```js
+  //use passport to authenticate our socket.io connections
+  var ioAuthorization = app.io.get("authorization")
+  app.io.set("authorization",function(data,accept){
+    ioAuthorization(data,function(err,res){
+      if(null !== err) accept(err,res)
+      if(!data.session[passport._key][passport._userProperty] && !data.headers.referer.match(/login/)){
+        accept(null,false)
+      } else accept(null,true)
+    })
+  })
+```
+
 ## Double Up - Forward Normal Http Routes to Realtime Routes
 
 It's easy to forward regular http routes to your realtime routes.