---
taskmaster_id: "2.5"
status: "done"
priority: "medium"
depends_on: ["1"]
parent_id: "2"
source: "taskmaster"
generated_at: "2026-05-28T11:49:27.076Z"
---

# 2.5 - Lock Socket.IO room joins to authenticated context

- [x] 2.5 - Lock Socket.IO room joins to authenticated context #taskmaster #priority/medium #status/done 🔼 🆔 tm-2-5 ⛔ tm-1

## Metadata

| Field | Value |
| --- | --- |
| Taskmaster ID | 2.5 |
| Status | done |
| Priority | medium |
| Dependencies | 1 |
| Parent | 2 - Implement platform audit remediation plan |

## Description

Remove trust in client-supplied user/buyer/seller room IDs.

## Details

Validate socket handshake token, derive server-side room membership, reject mismatched joins, and monitor suspicious join attempts.

## Verification

A user cannot subscribe to another user's rooms; legitimate realtime notifications still arrive.
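
One way to implement the four steps in Details, shown as an added example that is not this project's code. The HMAC token format, the `sub`/`roles`/`exp` claim names, the `user:`/`buyer:`/`seller:` room scheme, the `join` event name and the `audit` array are all assumptions.

```javascript
// Added example; token format, claim names and room scheme are assumptions.
const { createHmac, timingSafeEqual } = require('crypto');
const mac = (body, secret) => createHmac('sha256', secret).update(body).digest('base64url');
// Constructed token: base64url(JSON claims) + "." + base64url(HMAC-SHA256 of it).
function signToken(claims, secret) {
  const body = Buffer.from(JSON.stringify(claims)).toString('base64url');
  return `${body}.${mac(body, secret)}`;
}

// Returns verified claims, or null if the token is malformed, forged or expired.
function verifyHandshakeToken(token, secret, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const [body, sig, extra] = token.split('.');
  if (!body || !sig || extra !== undefined) return null;
  const given = Buffer.from(sig), expected = Buffer.from(mac(body, secret));
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const c = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
    const ok = typeof c.sub === 'string' && Array.isArray(c.roles) && typeof c.exp === 'number' && c.exp > now;
    return ok ? c : null;
  } catch { return null; }
}

// Membership is derived from verified claims only, never from the client payload.
function roomsFor(claims) {
  const rooms = new Set([`user:${claims.sub}`]);
  for (const role of ['buyer', 'seller']) if (claims.roles.includes(role)) rooms.add(`${role}:${claims.sub}`);
  return rooms;
}

// Allow a join only for a derived room; record every other attempt for monitoring.
function authorizeJoin(claims, room, audit) {
  const ok = typeof room === 'string' && roomsFor(claims).has(room);
  if (!ok) audit.push({ event: 'room_join_denied', sub: claims.sub, requested: String(room).slice(0, 64) });
  return ok;
}

// Wiring for a Socket.IO v4 server `io`; the 'join' event name is an assumption.
function attach(io, secret, audit) {
  io.use((socket, next) => {
    const claims = verifyHandshakeToken(socket.handshake.auth.token, secret);
    if (!claims) return next(new Error('unauthorized'));
    socket.data.claims = claims;
    next();
  });
  io.on('connection', (socket) => {
    for (const room of roomsFor(socket.data.claims)) socket.join(room);
    socket.on('join', (room) => { if (authorizeJoin(socket.data.claims, room, audit)) socket.join(room); });
  });
}
```

The `audit` entries are the hook for the monitoring step: repeated `room_join_denied` events for one `sub` are the signal to alert on.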