why

why

What do params do in case of socket connections?

Hi,

trying to understand the role of “params” in case of socket connections. Looked through the docs, the forum and Google, but still not quite clear on this yet.

In case of “regular” (i.e. non-websocket) http requests, params simply seem to be the request parameters supplied via URL or POST request, stored in “params” by Phoenix behind the scenes (at least initially).

Is this the same in case of socket connections?

Thank you for your thoughts!

Most Liked

hauleth

hauleth

In theory yes, but (there are always buts):

  • Long tokens will cause longer message to be sent to the server - you leak information which connections are authenticated
  • When you send token via JS you need to store that token in some place that is accessible for JS (for example Local Storage), which makes you susceptible to XSS side-channel attacks

So in general I would generate short-lived token (like 1m) that is fetched just before connecting and then it is sent to the browser as an authentication and isn’t stored anywhere. The token fetching happens over regular HTTP session with http-only cookie.

idi527

idi527

:waving_hand:

If you mean the params passed to the Socket object

// on the client                             |--goes to the backend--|
let socket  = new Socket("/socket", {params: {token: window.userToken}})
socket.connect()

then yes, they go straight to the connect/3 callback:

# on the backend
#           |-from the client-|
def connect(%{"token" => token}, socket, _connect_info) do
  # token here is passed from the client
end

Channels — Phoenix v1.8.8 might be helpful.


Off-topic:

AFAIK, the params are encoded into the query string, so they can’t be too large, since the URL length is sometimes suggested to be under 2048 characters (there might be limits by the browser? by the web server? both? not sure).

So the client connects to a URL like ws://example.com/socket/websocket?vsn=2.0&token=some_token_sent_from_client and the backend just decodes the query string and passes it into connect/3.

sb8244

sb8244

Author of Real-Time Phoenix

I agree here, although I have a word of caution about fetching before connecting. If all clients reconnect at once (or in a few seconds window), then you can end up sending a ton of requests to whatever provides your authentication service. For example, the equivalent of 1.2m rpm was being sent to our server when we did this, and it wasn’t specced for that.

One technique to avoid this is to always have a short lived token available. I use a 10 minute token that is fetched every 5-9 minutes to avoid thundering herd effect.

Where Next?

Popular in Questions Top

chokchit
** (DBConnection.ConnectionError) connection not available and request was dropped from queue after 2733ms. You can configure how long re...
New
aadeshere1
I have a another noob question about loop. Since elixir is immutable, while loop is not directly possible. total = 10 while total != 0 ...
New
Darmani72
If I have a post route which an argument: post /my_post_route/:my_param1, MyController.my_post_handler How would get the post params ...
New
JeremM34
Hello, how can I check the Phoenix version ? Thanks !
New
electic
Hi, I am new to Elixir. I am trying to use the DateTime component to insert a date into MySQL however the there seems to be no way to fo...
New
dokuzbir
I want to highlight html closing tags when i click a html tag. That works in .html files but doesnt work for html.eex templates. How can...
New
freewebwithme
Using vs code and installed ElixirLS: support and debugger. And I got an error popped up on start up says Failed to run ‘elixir’ comma...
New
ashish173
I am using Ecto timestamps with postgres, I can see the timestamps() use the :naive_dateime but for my use case I wanted to store the ti...
New
romenigld
I am trying to run a deploy with docker and I successfully runned with this command: docker build -t romenigld/blog-prod . but when I t...
New
PeterCarter
There are pre-rolled solutions for other frameworks that do work. However, Phoenix does not seem to have these. Have people had good expe...
New

Other popular topics Top

chrismccord
As promised, the first release candidate of Phoenix 1.3.0 is out! This release focuses on code generators with improved project structure...
New
ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
Fl4m3Ph03n1x
About me? ( if you have nothing better to do than reading about some random guy in the internet :stuck_out_tongue: ) Hello all, this is ...
New
josevalim
Hi everyone, One of the features added to Elixir early on to help integration with Erlang code was the idea of overridable function defi...
New
baxterw3b
Hi guys, i’m new in the Elixir world, and i have to say, that i love it! i’m having some problem to understand anonymous functions with ...
New
fayddelight
I tried installing elixir 1.11.2 erlang 23.3.4 via asdf in my zsh shell. Enabled the versions locally and globally. When I list them ...
New
nobody
Hi! In PHP: $_SERVER[‘SERVER_ADDR’] - in Elixir? Searched the docs for ip address and the web, no good results. Thanks!
New
hariharasudhan94
Lets say I have map like this fetching from my database %{"_id" => #BSON.ObjectId<58eb1a7a9ad169198c3dXXXX>, "email" => ...
New
jononomo
For some reason my phoenix channels are working for me in my local dev environment, but as soon as I deploy via Docker, I get a 403 error...
New
sergio
Kind of like when jquery came out, it was super necessary. Existing drag and drop libraries have a bunch of baggage to support old browse...
New

Latest on Elixir Forum

We're in Beta

About us Mission Statement