SessionHeaderPlug
SessionHeaderPlug is a plug to handle session headers and session stores.
Plug.Session
stores the session
data (whether a session ID or the session itself) in a cookie. While this works
great for server-rendered sites and same origin clients, it fails for
cross-origin clients using modern browser defaults.
You could include the session data in the bodies of your requests and responses, but this would require significant API design and would either require every response to include the session data or logic for every response to determine whether or not to include session data.
SessionHeaderPlug operates just like Plug.Session
, only it transmits and
receives the session data through a custom header instead of a cookie.
Installation
Add session_header_plug
and a session store to your list of dependencies in
mix.exs:
defp deps do
[
{:session_header_plug, "~> 0.1.1"},
{:session_server_store, "~> 0.1.0"},
]
end
Usage
Server
- Plug it in.
plug SessionHeaderPlug,
store: SessionServerStore,
key: "session-id",
timeout: 86400,
idle_timeout: :infinity
plug :fetch_session
- Use the session functions on
Plug.Conn
.
conn
|> put_session(:user_id, "admin@somedomain.com")
|> put_session(:admin?, true)
|> json(%{foo: "bar"})
Client
const headers = { 'session-id': localStorage.getItem('sid') }
fetch('https://somedomain.com/api/', { headers: headers })
.then((response) => {
localStorage.setItem('sid', response.headers.get('session-id'))
})