roganjoshua
I am trying to set a cookie that is permanent until changed
The problem I am trying to solve is this:
There is no authenticated or session user per se, just the browser.
When someone lands on the page I ask them to select a train station as their home train station. I want to store this somewhere, cookie?, so that when they return, that station will be their home station, until they change it.
It isn’t really a session thing, since their is no authentication, I am trying to make it as effortless for the user as possible.
Or is it better to just store it in session anyway?
Most Liked
garrison
Session has two meanings here:
First, there is the Plug.Session which is a k/v store (often called a Session in webdev) which stores data either in a cookie on the client (Plug.Session.COOKIE) or in an :ets table (Plug.Session.ETS).
Then, there is what is termed a “session cookie”, which is a cookie with no expiry set. When you set a cookie with no expiry (or max-age), the browser will delete that cookie “when it feels like it”, which is usually when the window or browser is closed (but not always).
If you use Plug.Session out of the box, you are probably using the Plug.Session.COOKIE store with the default settings. The default max-age for the Plug.Session cookie (which is configurable) is nil, meaning the cookie will have no expiry. This leads to the following unfortunate statement:
The “Session Cookie” is stored in a “session cookie”.
But it does not have to be a “session cookie” in which you store your “Session Cookie”, because you can set the :max_age option for Plug.Session, and then your Session will survive the browser being closed ![]()
But yeah, in practice you can just set a cookie and then load it into the session instead of doing that. That’s what phx.gen.auth does.
BartOtten
Sessions: are gone when the browser is closed
Cookie: Great for permanent data like a location. However, you can’t access cookies from the socket.
To safe-guard your application, Phoenix limits and validates the connection information your socket can access. This means your application is safe from these attacks, but you can’t access cookies and other headers in your socket.
The solution when using LiveView? Read the cookie in a conn plug, set it in the session and pick it up in the LiveView again.
Local storage: this is not send to the server but you might be able to preselect the right location with a Javascript hook. This saves you the hassle of a cookie read, session set and session get.
garrison
BTW, to actually answer the OP:
It is fine to store your flag in a cookie.
If you decide you want to use LiveView, you won’t be able to access the cookie directly, but you can copy it from the cookie to the session and then to the assigns. If you want to see an example of this, run phx.gen.auth on an empty project and have a look at user_auth.ex, particularly ensure_user_token/1 and on_mount/4.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









