I have a Phoenix app powering an API. Currently, authentication is done via session storage & cookies – when a request to authenticate comes in, the user’s ID is added to the session, and the current user is added to the connection’s assigns. A status of `:ok` is returned to the client (a Vue.js app), which then knows we’re authenticated. So far so good.
One problem that I have is that, if the server restarts, the session info is lost, and the client doesn’t know it is no longer authenticated.
The complication here is that often the client will make requests to an endpoint that does not require authentication, so we’re still responding with 200s.
Is there a way for Phoenix to intercept the incoming requests and then check to see if the `_myapp_key` cookie is invalid? In that case I can return a `401`, and the client can then redirect to the login page.
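One way to implement the check asked about above, as an added example that is not part of the original post: a plug that answers 401 when the request carries the `_myapp_key` cookie but the session no longer resolves to a user. The module name `MyAppWeb.Plugs.RejectStaleSession`, the `:user_id` session key and the JSON error body are assumptions; it requires the Plug library and must run after `Plug.Session`.

```elixir
defmodule MyAppWeb.Plugs.RejectStaleSession do
  @moduledoc """
  Added example. Returns 401 when the client presents the session cookie
  but the server can no longer resolve it to a logged-in user.
  """
  @behaviour Plug
  import Plug.Conn

  # Cookie name from the post; must match the :key given to Plug.Session.
  @session_cookie "_myapp_key"
  # Assumption: the login action stores the user's ID under this session key.
  @user_key :user_id

  @impl true
  def init(opts), do: opts

  @impl true
  def call(conn, _opts) do
    # fetch_session/1 raises unless Plug.Session ran earlier in the pipeline.
    conn = conn |> fetch_cookies() |> fetch_session()

    cookie_sent? = Map.has_key?(conn.req_cookies, @session_cookie)
    user_id = get_session(conn, @user_key)

    if cookie_sent? and is_nil(user_id) do
      conn
      # Drop the session so the response deletes the stale cookie and the
      # client's next unauthenticated request is served normally.
      |> configure_session(drop: true)
      |> put_resp_content_type("application/json")
      |> send_resp(401, ~s({"error":"session_expired"}))
      |> halt()
    else
      conn
    end
  end
end

# Router wiring (hypothetical pipeline), after the session is available:
#
#   pipeline :api do
#     plug :accepts, ["json"]
#     plug :fetch_session
#     plug MyAppWeb.Plugs.RejectStaleSession
#   end
```

A visitor who holds a session cookie but never logged in also receives one 401 from this plug before the cookie is cleared. If anonymous sessions are legitimate in the application, set a marker in the session at login and test for that marker instead of the bare cookie.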