Delete session in Phoenix In Action, why using both clear_session and configure_session(drop: true)?

Programming Phoenix logs a user out with

configure_session(drop: true)

Phoenix in Action logs a user out with

|> clear_session()
|> configure_session(drop: true)

Clear session:

Clears the entire session.

This function removes every key from the session, clearing the session.

Note that, even if clear_session/1 is used, the session is still sent to the client. If the session should be effectively dropped , configure_session/2 should be used with the :drop option set to true .

So just wondering why are both being used?

Thank you

Clear session makes sure plugs later in the pipeline of the current request can no longer read the values currently in the session. Dropping the session just makes sure the session is dropped for the response sent back, but doesn‘t touch current session values.

1 Like

I’m not sure if this is still an issue today but I remember not being able to see Flash messages when logging out using configure_session(conn, drop: true). That’s based on going through the book maybe 8 months ago.

To get around that I ended up changing that to be delete_session(conn, :user_id).

1 Like

Does that mean that the key value pairs will remain available on the next request or when “the session is dropped for the response sent back” that means it effectively gets deleted and only current request will still be able to read the pairs?