Programming Phoenix logs a user out with
Phoenix in Action logs a user out with
|> configure_session(drop: true)
Clears the entire session.
This function removes every key from the session, clearing the session.
Note that, even if
clear_session/1 is used, the session is still sent to the client. If the session should be effectively dropped ,
configure_session/2 should be used with the
:drop option set to
So just wondering why are both being used?
Clear session makes sure plugs later in the pipeline of the current request can no longer read the values currently in the session. Dropping the session just makes sure the session is dropped for the response sent back, but doesn‘t touch current session values.
I’m not sure if this is still an issue today but I remember not being able to see Flash messages when logging out using
configure_session(conn, drop: true). That’s based on going through the book maybe 8 months ago.
To get around that I ended up changing that to be
Does that mean that the key value pairs will remain available on the next request or when “the session is dropped for the response sent back” that means it effectively gets deleted and only current request will still be able to read the pairs?