How to generate Sessionless, Cookie-Free Cacheable HTML

Plug.Session and session_options are deep into Phoenix HTML.

Is there a switch or simple pattern to create a route/path that does not put sessions and cookies on HTML?

I want to use all the existing Phoenix infrastructure, but do not want Cookies on HTML.

This is for CDN and caching purposes. Varnish for instance, will not cache when cookies are present.

references

I started going down the path suggested in this LiveView post and it felt like I would need to touch maybe 5 or 5-6 places

  1. Router
  2. Endpoint
  3. Controller
  4. Template
  5. Layout
    etc

totally fine doing this, but I would like to check with the Elixir Forum folks if there is a more elegant way

Sort of yes and sort of no. All of this behavior is defined in code you control. By default, the :browser pipeline fetches the session and calls some other plugs that use the session, but you can change all of this if you want.

Just a few days ago I set up sessionless LiveView so that I can use it in a context where the page is served by a proxy that strips all cookie headers. Yes, you have to touch the code in 5-6 different places, but it’s all your code. The code that Phoenix generates isn’t sacred, and can/should be changed to meet your needs.

So, is there a single switch? No. Is there a simple pattern? Yes: it’s the same pattern that the rest of the application is generated around. Create a new plug pipeline replacing the bits you don’t want with bits you do! This lack of “magic” requires a bit more effort up front but should pay dividends when your requirements change slightly months down the road.

thanks @zachallaun great feedback

I started down the roadmap you described and will do something along those lines

this basically works

simple write up

1 Like

12 files