Is there an update to put_session from phoenix liveview login form?

I see a bunch of workarounds for getting a user signed in with a form built in liveview. I don’t particularly like the workarounds, they are very hacky in nature. They were also posted a couple of years ago, so I’m wondering if there is anything new.

I have a login form built in liveview. What is the best way to get the user id into the user’s session when I can only access socket? Is there a standard way to do this now?

If you’re talking about building a full login flow, including form submission, in pure LiveView then that’s not possible. This is a limitation of websockets, not LiveView. I build login forms in LiveView that submit to a controller action to handle the actual login which sets the session data and redirects back to the LiveView. This, along with logout, usually end up being the only controller actions in my projects (mind you they have all been toy projects).

If you’re talking about a cleaner way to materialized a user id from a session into a user struct, take a look at on_mount.


Yeah that’s what I thought, thank you. Just rebuilt a basic version of the form sans validation in vanilla phoenix.

You can target a hidden iframe with your form, so the put/post request goes through that connection to a controller for session mutation without tearing down/navigating away from your LiveView, but it may not be the “golden path” and you may still consider it hacky :upside_down_face:

To nick pick, it is possible, as long as you don’t use session for that. Whether it is a good practice is up for debate.

1 Like

I’m truly intrigued. What other secure method is there than session? Am I missing something obvious??

I use local storage for storing the security token client side and send it back as part of the websocket connect parameter. The caveat is that the token is readable by javascript so if you have 3rd party javascript not trustworthy (such as google analytics) then it may leak.

Oh right, ha. I even working with local storage today. But yes, certainly a contentious debate topic.