Access HTTP headers in websocket-in node to link user to session ID

Hi,
I have a Node-RED setup behind Nginx. When a WebSocket connection is established, Nginx injects a verified X-Myapp-User header into the handshake request.
Using webSocketNodeVerifyClient in settings.js I can read this header:

webSocketNodeVerifyClient: function(info) {
    const user = info.req.headers['x-myapp-user'] || '';
    console.log('user:', user); // works fine
    return true;
}

The problem is linking this user to the _session.id that Node-RED assigns to the connection and that appears in msg._session.id inside the flow.
The _session.id is generated by RED.util.generateId() inside handleConnection() — after verifyClient has already returned. So at the time of verifyClient, the session ID doesn't exist yet.
Is there any documented/stable way to:

1. Store the user from verifyClient
2. Retrieve it later in the flow associated with the correct _session.id

Without modifying core files or writing a custom node?
Thanks

Hi @Lupin_III

Having had a look at the options, this one is "hard"

One way to allow this,
Here: node-red/packages/node_modules/@node-red/nodes/core/network/22-websocket.js at 7231e3d7658927c49d5b5756de28904a04b40c76 · node-red/node-red · GitHub

Include the req as part of the event object

if you ask nicely of @dceejay, im sure he will be obliged.
This way, you can use the status node to match both the User Header + session ID

Unless I am missing some other obvious method (Possible)

I do agree however, having access to the initial request object, should be provided inside the flow