Martin Karlgren wrote:
I guess the API user could keep track of sid:s and Server objects separately, if they don???t want a .farm?
It was/is not intended to be used like that, though the only dependency here is that in the Server object there are exactly three references to the global clients list.
Can you imagine a use case where this is desirable?
I'd imagine that the globally shared sid lookup mapping might be regarded as a security issue
Not really. The global clients mapping with all sids in it, is a private object and thus not accessible for reading or writing from outside of the EngineIO module. The sids cannot be guessed, they are cryptographically secure.
in more complex setups, such as multiple listener ports with different user permissions or whatever. (Although using a TLS port should keep the sid secret enough, I guess.)
Those setups are explicitly supported through the single farm. You only need a single farm, regardless of how many listener ports/urls you are listening on.