I’ve been playing around with LiveView for a few days now and I have to admit it’s changing my approach to many use cases for client projets!
There is one thing I can wrap my head around: configuration for the production release; let me explain…
In our actual way of packaging releases in Docker images, following 12-Factor App principles, the Plug.Session gets it’s key and signing_salt options from environment variables with Application.get_env/3.
The LiveView documentation says to extract the @session_options to a module attribute…
As module attribute, options are expanded at compile time! It works locally for development purposes since the same variables are used at both compile time and runtime, but breaks during the docker build… of the CI workflow because SESSION_KEY and SIGNING_SALT are not available!
I looked at the code in Phoenix and Plug.Session to understand if there is a different way to configure the socket session callback, but came out clear the session needs to be a Map…
Is it considered good practice to bake the session key and signing_salt in a version binaries, meaning we would have to build a new Docker image to change those value?
@chrismccord Even with MFA, it looks like the configuration still is compile time!
The before_compile macro expands to private do_handler/3 functions to match on every HTTP/Socket paths.
To generate the list of sockets to loop on, socket_paths/4 invokes Phoenix.Socket.Transport.load_config/2 explicitly, thus resolving the MFA, at compile time…
{:session, session_config} - the session information from Plug.Conn. The session_config is an exact copy of the arguments given to Plug.Session. This requires the “_csrf_token” to be given as request parameter with the value of URI.encode_www_form(Plug.CSRFProtection.get_csrf_token()) when connecting to the socket. It can also be a MFA to allow loading config in runtime {MyAppWeb.Auth, :get_session_config, []} . Otherwise the session will be nil .
But to me this is abracadabra and I’m not sure how this relates to configuring Plug.Session at runtime.
Do you have an actual working example of configuring the session at runtime?
I’m not using the “vanilla” Plug.Session configuration! Like for many other plugs in the default Phoenix configuration, you hate to use init/1 and call/2 explicitly to bypass the default macro expansion at compile time.
I also extracted a get_options/0 function to a separate module to be {m, f, a} compatible and am not using the module attribute because it is not required anymore!
lib/foo_web/endpoint.ex
defmodule FooWeb.Endpoint do
use Phoenix.Endpoint, otp_app: :foo
…
socket("/live", Phoenix.LiveView.Socket,
websocket: [
connect_info: [
{:session, {FooWeb.Session, :get_options, []}}
]
])
…
plug(Plug.MethodOverride)
plug(Plug.Head)
plug(:session)
plug(FooWeb.Router)
…
defp session(conn, _opts) do
opts = Plug.Session.init(FooWeb.Session.get_options())
Plug.Session.call(conn, opts)
end
…
end
lib/foo_web/session.ex
defmodule FooWeb.Session do
def get_options do
[
store: :cookie,
key: System.get_env("SESSION_KEY"),
signing_salt: System.get_env("SIGNING_SALT")
]
end
end
Thank you for this explanation, very useful indeed.
I wonder how System.get_env/2 performance compares to populating the application environment on startup and calling Application.get_env/3 on every request.
Not sure whether System.get_env/2 caches results and is also a single ets read once a value becomes available.
Thanks again @gcauchon, your solution works like a charm, awesome!
I decided to load session options into the application environment.
Also an inline session module will do the trick.
# MyApp.Application
...
def start(_type, _args) do
Application.put_env(:my_app, :session_options, [
store: :cookie,
key: "session",
signing_salt: System.fetch_env!("SESSION_SIGNING_SALT")
])
children = [
...
end
...
Configure session at runtime.
# MyApp.Endpoint
...
defmodule Session do
def options do
Application.get_env(:my_app, :session_options)
end
end
defp session(conn, _opts) do
Plug.Session.call(conn, Plug.Session.init(
Session.options()
))
end
...
socket "/live", Phoenix.LiveView.Socket, websocket: [
connect_info: [session: {Session, :options, []}]
]
...
plug Plug.MethodOverride
plug Plug.Head
plug(:session)
plug MyApp.Router
...
I am starting a Live website from scratch or at least from the directions. Often times I see changes to config files or some additional settings. Its hard to understand which is necessary and which isn’t. So that left me to ask is the change suggested in this thread needed to create a vanilla website?
It is if you want to deploy your application as an OTP release and follow the 12-Factor principles:
tldr;
The twelve-factor app stores config in environment variables. ENV are easy to change between deploys without changing any code; unlike config files, there is little chance of them being checked into the code repo accidentally; and unlike custom config files, or other config mechanisms such as Java System Properties, they are a language- and OS-agnostic standard.