aadii104
How to authenticate user on SSR?
In CSR we usually pass token with the request for backend verification, and we do this process by extracting the token from localStorage in the browser.
But in SSR we don’t have a browser or storage how can I pass a token to backend for verification?
If not tokens what are other possible solutions?
Thanks.
Most Liked
NobbZ
Do not do this!
You give away session hijacking for free with such a system.
Just explain your users why cookies are necessary. Even the most paranoid people will enable them if you assure them, that they are used for authentication only.
In Europe you are even allowed to do that without telling the user (as long as you do not write to the cookie before the user actually tries to log in), but most sites simply tell the user.
In general, you will store an encrypted and signed chunk of data in the cookie, perhaps using a Phoenix.Token. In many cases its just the current users id, which you will use to retrieve the users details from the database as necessary (maybe in a plug that uses assigns then?).
NobbZ
Using cookies is the most solid approach. You do not want to use anything else in the browser.
If you have other clients, feel free to otherwise sent the token from the client to the server in the request body, but do yourself a favor and never send it as part of the URL.
You’ll see only one IP shared for all workstations in my office, do you want to treat all of them the same? Do not do this, this is a very bad idea as long as IPv4 is still a thing.
idi527
Since it’s server-side, don’t you already have direct access to the user data needed for rendering? Just query the database …
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








