Yeah, I had a quick go at it just then. I'm fortunate to have a fairly advanced web scraping library already built in PHP, so I just plugged the XML from TamperData (firefox plugin), into it, and tweaked a few things.
To emulate xhr-polling (my proxy doesn't allow websockets, and this looked simpler anyway)...
Make a request to:
/socket.io/1/?t=1337779479761
(The 13377... number is just a timestamp, use time() to generate it).
That should return something like this:
682970926640665221:60:60:websocket,htmlfile,xhr-polling,jsonp-polling
Grab the big number at the front out, that's your "[CONNECT_ID]", which you'll keep for the remainder of the session. Now do another request:
/socket.io/1/xhr-polling/[CONNECT_ID]?t=[TIMESTAMP]
And you'll get back something like ::1
That's about as far as I bothered to follow it, it all looked fairly basic from there... no special headers or anything sneaky. Suggest you use TamperData or a packet sniffer, and just follow it yourself. Here was the output from my code:
$ php RealTestCurl.php xml/xhr.xml init1 xhr1 xhr1 xhr1 xhr1
xmlFilename: xml/xhr.xml
Step: init1
Reply: 7638339571841585529:60:60:websocket,htmlfile,xhr-polling,jsonp-polling
Found: connect_id: ([0-9]*) - 7638339571841585529
Step: xhr1
Reply: 1::
Step: xhr1
Reply: ?46?5:::{"name":"news","args":[{"hello":"world"}]}?63?5:::{"name":"this","args":[{"will":"be received by everyone"}]}
Step: xhr1
.... there is a massive 20 second timeout here
Step: xhr1
8::
Step: xhr1
8::
And on the node.js/socket.io side, running on of the basic examples from their front page:
debug - client authorized
info - handshake authorized 3445861131360107212
debug - setting request GET /socket.io/1/xhr-polling/3445861131360107212?t=1337781185
debug - setting poll timeout
debug - client authorized for
debug - clearing poll timeout
debug - xhr-polling writing 1::
debug - set close timeout for client 3445861131360107212
debug - websocket writing 5:::{"name":"this","args":[{"will":"be received by everyone"}]}
