Y
Hacker News
new
|
ask
|
show
|
jobs
by
boxed
1407 days ago
I don't understand. Why isn't the session cookie created at initial load, and then all the data in the session kept on the server side? Writing anything into a cookie except the session id seems weird to me. What am I missing?
2 comments
Ndymium
1406 days ago
By default Phoenix uses client side sessions. The session data is written into a cookie and signed (or encrypted) to prevent tampering.
link
danielheath
1406 days ago
Signed cookies are vastly simpler to scale. It’s a common enough problem that frameworks default to them.
link