Best way to approach a non-user session

So I’m working on a spending tracker app, and I want everyone to get to use the app without logging in as a user first. I also want the non-user to be able to save the data that only belongs to their device (using uuid or similar identifier), but how do I create a session based on this? Or do I need a session implementation at all?

Just in general, how do people approach non-user usage for their phone app?

I’ve been thinking and adding schema/functions for this problem for 2 days, really need your help. Thanks!

I’ve needed something similar in the past for an in-person multiplayer game so that friends invited via a QR code could join and start playing immediately without signing up, but could create an account after the game ends to save the game data e.g. result, chat, stats, etc.

Given the low stakes and to keep things simple, I’d create and log each guest player into a new placeholder user account marked as a guest account and tied to the client’s session uuid when they scanned a QR that opened a url to join a specific active game e.g. myapp.com/join/[game-uuid].

That way retroactively creating an account meant adding some auth method while removing the guest account flag and vestigial session uuid. That guest flag also makes it simple for a cron job to delete unconverted guest accounts older than some threshold. In theory, you could use the presence of a session uuid to indicate a guest account… ¯\_(ツ)_/¯

1 Like

Your solution seems pretty good to me, but how do you verify that guest player is that particular guest? Or verify a session? I’m pretty new to Auth and have no knowledge on this, can you give me some pointers on how to manage this session?

You can look at the code generated by phx.gen.auth, lots of lessons to learn there. The generator is getting a big revamp on the upcoming Phoenix v1.8 release, focusing on magic-link authentication (worth looking at the newer code).

You could use the same or similar token-issuing and session management code. When a new user shows up you generate a session token, optionally an automatic guest user.

Having a guest user might make things easier if you need to save state associated with a user_id. If you can / intend to save all temporary data on the session (cookie), then you could probably do without a user entity until they decide to create an account and then you can import the data from the session into the DB.

3 Likes
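A sketch of the guest-token flow discussed in this thread (issue a token on first visit, verify it on each request, convert the guest on sign-up, purge stale guests), added here as an illustration and not taken from any poster's code or from phx.gen.auth. The module name, the plain map standing in for a database table, the hash-at-rest choice, and the 30-day lifetime are all assumptions.

```elixir
defmodule GuestSessions do
  # Added illustration. `store` is a plain map standing in for a DB table:
  # sha256(token) => %{user_id, guest, issued_at}. Names are hypothetical.
  @rand_size 32
  @max_age_s 60 * 60 * 24 * 30 # assumed 30-day lifetime / purge threshold

  # First visit: create a guest record and return {token_for_client, store}.
  # Only the hash is stored, so a leaked table cannot be replayed as sessions.
  def issue_guest(store, now \\ System.system_time(:second)) do
    token = :crypto.strong_rand_bytes(@rand_size)
    guest = %{user_id: System.unique_integer([:positive]), guest: true, issued_at: now}
    {Base.url_encode64(token, padding: false), Map.put(store, hash(token), guest)}
  end

  # Every request: resolve the token, or :error if malformed, unknown or expired.
  def fetch_user(store, encoded, now \\ System.system_time(:second)) do
    with true <- is_binary(encoded),
         {:ok, token} <- Base.url_decode64(encoded, padding: false),
         %{issued_at: t} = user when now - t <= @max_age_s <- Map.get(store, hash(token)) do
      {:ok, user}
    else
      _ -> :error
    end
  end

  # Sign-up: clear the guest flag and rotate the token so the pre-signup
  # token stops working (an assumed policy for this sketch).
  def convert(store, encoded, now \\ System.system_time(:second)) do
    with {:ok, user} <- fetch_user(store, encoded, now),
         {:ok, old} <- Base.url_decode64(encoded, padding: false) do
      new = :crypto.strong_rand_bytes(@rand_size)
      account = %{user | guest: false, issued_at: now}
      {:ok, Base.url_encode64(new, padding: false),
       store |> Map.delete(hash(old)) |> Map.put(hash(new), account)}
    end
  end

  # Cron job: drop unconverted guests older than the threshold.
  def purge_guests(store, now \\ System.system_time(:second)) do
    for {h, u} <- store, not (u.guest and now - u.issued_at > @max_age_s), into: %{}, do: {h, u}
  end

  defp hash(token), do: :crypto.hash(:sha256, token)
end

# Constructed usage: a real token resolves, a forged one does not.
{token, store} = GuestSessions.issue_guest(%{})
{:ok, %{guest: true}} = GuestSessions.fetch_user(store, token)
:error = GuestSessions.fetch_user(store, "forged-token")
```

In a Phoenix app the returned token would go into the session cookie with `Plug.Conn.put_session/3`, and the map would be replaced by a tokens table.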

I’ll use a guest user, it seems cleaner and no need to use a cookie. And thanks for the pointers.