[stevencorona]

I really enjoy working with LiveView and have personally built several substantially sized apps with it.

One of my current frustrations is the inability, out-of-the-box, to write to sessions from LiveView. I understand the reason why, but I personally find the "redirect to a controller to set the cookie" pattern to be a bit hacky and more work than I'd like in order to just.. set a cookie.

I hope that a future release has a built-in pattern for writing sessions and cookies in general.

[boxed]

I don't understand. Why isn't the session cookie created at initial load, and then all the data in the session kept on the server side? Writing anything into a cookie except the session id seems weird to me. What am I missing?

[Ndymium]

By default Phoenix uses client side sessions. The session data is written into a cookie and signed (or encrypted) to prevent tampering.

[danielheath]

Signed cookies are vastly simpler to scale. It’s a common enough problem that frameworks default to them.

[prophesi]

Yep, we had to use https://github.com/pentacent/phoenix_live_session and then made a PR for it to support Nebulex as an alternative to ETS. Hoping something like this makes it upstream.

[dugmartin]

Could you use a 0 pixel 1st party iframe instead of a redirect to set the cookie? At least that way you could set and update it within the live view code (you would need a controller endpoint for the iframe still).

[digianarchist]

That's done for security reasons though right? I thought browsers isolated http cookies from client side cookies.