Passing information to a `conn` from a LiveView `socket`

Good Day,

I’ve seen many threads here and elsewhere regarding passing information from a regular conn (such as session data) to a liveview socket, but is there any way to do the opposite?

In my legacy applications, I support redirecting back to where the user came from when they run into a route that requires them to login if they aren’t already.

To do this, I hook the central function that’s in charge of redirecting them to the login page and store the path they came from in the session.

So passing data from the session into the liveview is no problem, how about going the other way? In my socket default_assigns I do this check, and redirect to the login page (which is also a liveview), however that liveview posts to a regular old controller so we can interact with the session.

How can I pass this information from the liveview socket assigns, to the conn without passing the information in the URL or posting the data?

The reasoning behind this is mostly security consideration, when the system is directly responsible for managing the path that is to be redirected we can’t redirect to an incorrect path (the path is stored only when a login is required, and that is only checked if the route actually exists here).

Maybe this isn’t even a concern, and I’ll be fine passing the redirect in the URL? This function won’t redirect to an external URL, assuming there is no vulnerability in how the browser parses URLs.

That’s common practice to have redirect_uri query_param in login url.

However, if for some reason that doesn’t fit your case I can think of an ajax call to some regular controller where you can update user’s browser session before redirect to “login” page.

Hmm that’s what I was leaning towards, the more I look at it the security risk is rather minimal, only the possibility of being redirected to an incorrect page within the application.

I will go that route then!