Why does ensure_authenticated check users_tokens on every navigate?

I just wondering, if you are navigating within the same live_session i.e. “/home” ↔ “/users/settings”

    live_session :require_authenticated_user,
      on_mount: [{Lorem.UserAuth, :ensure_authenticated}] do
      live "/users/settings", UserSettingsLive, :edit
      live "/home", HomeLive
    end

Why does :ensure_authenticated check the users_tokens again although we are in the same live_session scope?

Because you are mounting on navigation.
If you were doing authorization instead of just authentication you would certainly want that to run.

Even when it’s within the same live_session scope?

I do realize, although there is a db query to “users_tokens”, that has been optimization by using assign_new so no diff is sent to the front-end, if the current_user is same.

Yes, only with a patch it isn’t. Navigating in a live_session means the websocket isn’t closed and reestablished.

@Hermanverschooten noted and thank you for clarifying :smile: :pray: