[erlang-questions] setting cookies with cowboy websocket handler

Alex Babkin <>
Wed Jan 30 01:36:52 CET 2013

Hi all

Imagine an auth protocol over a websocket: client sends credentials, server
responds with either success or failure. If success, it should set some
persistent state so if the user reloads the page, the session will continue
until either logout or some timeout

I'm trying to set a cookie from a websocket handler, such that after a page
reload, in the websocket handler init i can try to read back the cookie and
check for it's validity and if valid, resume the session without the user
needing to login again

here is some code i tried with no success, i.e upon reload, the cookie is
no longer there (or perhaps is never getting set by the handler to begin

websocket_handle({text, Input}, Req, State) ->
  lager:debug("stream received ~s", [Input]),
  Req2 = cowboy_req:set_resp_cookie(
    [{max_age, 600}, {path, "/"}, {secure, true}, {http_only, true}],
  {ok, Req3} = cowboy_req:reply(200, Req2),
  {ok, Req3, NewState}.

... or alternatively:

{reply, {text, Output}, Req2, NewState}.

as the last line

after the socket terminates and i try to reload page i do this in websocket

{Cookie, Req2} = cowboy_req:cookie(<<"auth">>, Req),

and there are no cookies

any ideas what i'm doing wrong?
is this even possible with websocket or do i pretty much have to have a
dedicated regular http roundtrip to set the auth cookie?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20130129/a1962c85/attachment.html>

More information about the erlang-questions mailing list