I’ve seen many threads here and elsewhere regarding passing information from a regular conn (such as session data) to a liveview socket, but is there any way to do the opposite?
In my legacy applications, I support redirecting back to where the user came from when they run into a route that requires them to login if they aren’t already.
To do this, I hook the central function that’s in charge of redirecting them to the login page and store the path they came from in the session.
So passing data from the session into the liveview is no problem, how about going the other way? In my socket default_assigns I do this check, and redirect to the login page (which is also a liveview), however that liveview posts to a regular old controller so we can interact with the session.
How can I pass this information from the liveview socket assigns, to the conn without passing the information in the URL or posting the data?
The reasoning behind this is mostly security consideration, when the system is directly responsible for managing the path that is to be redirected we can’t redirect to an incorrect path (the path is stored only when a login is required, and that is only checked if the route actually exists here).
Maybe this isn’t even a concern, and I’ll be fine passing the redirect in the URL? This function won’t redirect to an external URL, assuming there is no vulnerability in how the browser parses URLs.