hawkyre
Fetch plug session from cowboy for websocket connection
I have a cowboy server that has had a normal API where I use plug, and I use plug to encode and decode the request’s user session. However, now I need to use websockets as well, and I can’t use plug with the cowboy websockets afaik so I’m kinda stuck on how to retrieve and decode the session.
Most Liked
LostKobrakai
While there are indeed ways to get access to the cookie it needs to be mentioned that phoenix doesn‘t expose it by design. Websockets lack working under the same site policy in browsers, so any website not just your own could establish a websocket connection to your server and the browser would provide the users cookie. Therefore do not use the cookie for authentication. This is knows as cross site websocket hijacking CSWSH.
Phoenix has guides on how to handle authentication with channels and LV. Follow them for a secure approach to authentication over websockets.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








