Going off the example auth blog post where we have a plug helper like so.
```elixir
# lib/my_app/router.ex
import MyAppWeb.UserAuth

pipeline :browser do
  ...
  plug :fetch_current_user
end
```

```elixir
# lib/my_app_web/controllers/user_auth.ex
@doc """
Authenticates the user by looking into the session
and remember me token.
"""
def fetch_current_user(conn, _opts) do
  {user_token, conn} = ensure_user_token(conn)
  user = user_token && Accounts.get_user_by_session_token(user_token)
  assign(conn, :current_user, user)
end
```
In the context of a LiveView module, I see the user_token in the session on the mount callback.
I have seen the notes about sessions being serialized into strings. Should I be concerned about upstream pipelines that add this user_token to the session? When inspecting my session values on the mount, I see a binary for the user token.

```elixir
"user_token" => <<..,, ..., ..., ..., >>
```
Also, I’ve seen the notes about storing the user id vs the whole user value because of the string serialization.
After some reading, it looks like the past way of setting up the session from the route no longer works. https://github.com/phoenixframework/phoenix_live_view/commit/0020c35a438fb9da0d26121cfe9da45e6813a486
My other question is do I just make another plug that sets the session with the user_id for the socket?
If so, I assume I will then need to query for the user via the user id on every request for LiveView and auth. Is there a better way?
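
An added example, not part of the original post: one way a LiveView can resolve the user from the `"user_token"` session value described above, so that only the opaque token is stored in the session and the lookup stays server-side. The module name `MyAppWeb.DashboardLive`, the `MyApp.Accounts` alias, the `/users/log_in` path and the use of a recent LiveView release (with `Phoenix.Component` and `~H`) are assumptions; only `Accounts.get_user_by_session_token/1` and the session key come from the post.

```elixir
defmodule MyAppWeb.DashboardLive do
  # Hypothetical LiveView used for illustration only.
  use Phoenix.LiveView

  # Assumed context module exposing get_user_by_session_token/1 (from the post).
  alias MyApp.Accounts

  @impl true
  def mount(_params, session, socket) do
    socket = assign_current_user(socket, session)

    if socket.assigns.current_user do
      {:ok, socket}
    else
      # No valid token: never render the view for an anonymous socket.
      # "/users/log_in" is an assumed route.
      {:ok, redirect(socket, to: "/users/log_in")}
    end
  end

  @impl true
  def render(assigns) do
    ~H"""
    <p>Signed in as user <%= @current_user.id %></p>
    """
  end

  # On the initial HTTP render, assign_new/3 reuses the :current_user that the
  # :fetch_current_user plug already put in conn.assigns, so no second query
  # runs. On the connected (WebSocket) mount there is no conn, so the function
  # runs and the token is checked against the database again.
  defp assign_current_user(socket, session) do
    Phoenix.Component.assign_new(socket, :current_user, fn ->
      case session do
        %{"user_token" => token} when is_binary(token) ->
          Accounts.get_user_by_session_token(token)

        _ ->
          nil
      end
    end)
  end
end
```

Looking the token up on every connected mount means a token that has been deleted server-side stops working for new LiveView connections, which would not hold if a user struct or id were copied into the session.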