gcauchon
Plug.Session options as module attribute for Phoenix.LiveView!?
Good afternoon folks
I’ve been playing around with LiveView for a few days now and I have to admit it’s changing my approach to many use cases for client projets!
There is one thing I can wrap my head around: configuration for the production release; let me explain…
- In our actual way of packaging releases in Docker images, following 12-Factor App principles, the
Plug.Sessiongets it’skeyandsigning_saltoptions from environment variables withApplication.get_env/3.
- The
LiveViewdocumentation says to extract the@session_optionsto a module attribute…
As module attribute, options are expanded at compile time! It works locally for development purposes since the same variables are used at both compile time and runtime, but breaks during the docker build… of the CI workflow because SESSION_KEY and SIGNING_SALT are not available!
I looked at the code in Phoenix and Plug.Session to understand if there is a different way to configure the socket session callback, but came out clear the
session needs to be a Map…
Is it considered good practice to bake the session key and signing_salt in a version binaries, meaning we would have to build a new Docker image to change those value?
Marked As Solved
gcauchon
A little update on my configuration issue with MFA!
I opened an issue on the Phoenix repo yesterday…
https://github.com/phoenixframework/phoenix/issues/3754
it was fixed 6h later by @josevalim ![]()
Also Liked
gcauchon
I’m not using the “vanilla” Plug.Session configuration! Like for many other plugs in the default Phoenix configuration, you hate to use init/1 and call/2 explicitly to bypass the default macro expansion at compile time.
I also extracted a get_options/0 function to a separate module to be {m, f, a} compatible and am not using the module attribute because it is not required anymore!
lib/foo_web/endpoint.ex
defmodule FooWeb.Endpoint do
use Phoenix.Endpoint, otp_app: :foo
…
socket("/live", Phoenix.LiveView.Socket,
websocket: [
connect_info: [
{:session, {FooWeb.Session, :get_options, []}}
]
])
…
plug(Plug.MethodOverride)
plug(Plug.Head)
plug(:session)
plug(FooWeb.Router)
…
defp session(conn, _opts) do
opts = Plug.Session.init(FooWeb.Session.get_options())
Plug.Session.call(conn, opts)
end
…
end
lib/foo_web/session.ex
defmodule FooWeb.Session do
def get_options do
[
store: :cookie,
key: System.get_env("SESSION_KEY"),
signing_salt: System.get_env("SIGNING_SALT")
]
end
end
chrismccord
On Phoenix master we allow the session connect_info to be an MFA, so stay tuned.
i-n-g-m-a-r
Thanks again @gcauchon, your solution works like a charm, awesome!
I decided to load session options into the application environment.
Also an inline session module will do the trick.
# MyApp.Application
...
def start(_type, _args) do
Application.put_env(:my_app, :session_options, [
store: :cookie,
key: "session",
signing_salt: System.fetch_env!("SESSION_SIGNING_SALT")
])
children = [
...
end
...
Configure session at runtime.
# MyApp.Endpoint
...
defmodule Session do
def options do
Application.get_env(:my_app, :session_options)
end
end
defp session(conn, _opts) do
Plug.Session.call(conn, Plug.Session.init(
Session.options()
))
end
...
socket "/live", Phoenix.LiveView.Socket, websocket: [
connect_info: [session: {Session, :options, []}]
]
...
plug Plug.MethodOverride
plug Plug.Head
plug(:session)
plug MyApp.Router
...
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #javascript
- #code-sync
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








