[erlang-questions] setting cookies with cowboy websocket handler

Alex Babkin <>
Wed Jan 30 16:23:26 CET 2013


Thanks OJ, this makes sense


On Tue, Jan 29, 2013 at 7:49 PM, OJ Reeves <> wrote:

> Alex,
>
> I don't believe that sending cookies in the response when in the websocket
> handler will result in a cookie being set in the browser. The way I handle
> this is sending the cookie in the response outside of the websocket handler.
>
> That is, I have a "home" and "websocket" resource. I deal with
> authentication in the usual HTTP/REST way in the "home" resource, and only
> when the user is authenticated do I set up a websocket for communications
> via the "websocket" resource. My websocket_init function in the "websocket"
> resource is able to check for the authentication cookie, and if the user
> isn't auth'd then the websocket connection is killed.
>
> I haven't tried (or considered) setting up and sending out an auth cookie
> via websocket_init, I don't feel that it makes much sense.
>
> Hope that helps in some way.
>  OJ
>
>
> On Wed, Jan 30, 2013 at 10:36 AM, Alex Babkin <> wrote:
>
>> Hi all
>>
>> Imagine an auth protocol over a websocket: client sends credentials,
>> server responds with either success or failure. If success, it should set
>> some persistent state so if the user reloads the page, the session will
>> continue until either logout or some timeout
>>
>> I'm trying to set a cookie from a websocket handler, such that after a
>> page reload, in the websocket handler init i can try to read back the
>> cookie and check for it's validity and if valid, resume the session without
>> the user needing to login again
>>
>> here is some code i tried with no success, i.e upon reload, the cookie is
>> no longer there (or perhaps is never getting set by the handler to begin
>> with)
>>
>> websocket_handle({text, Input}, Req, State) ->
>>   lager:debug("stream received ~s", [Input]),
>>   Req2 = cowboy_req:set_resp_cookie(
>>     <<"auth">>,
>>     [<<"test">>],
>>     [{max_age, 600}, {path, "/"}, {secure, true}, {http_only, true}],
>>     Req
>>   ),
>>   {ok, Req3} = cowboy_req:reply(200, Req2),
>>   {ok, Req3, NewState}.
>>
>> ... or alternatively:
>>
>> {reply, {text, Output}, Req2, NewState}.
>>
>> as the last line
>>
>> after the socket terminates and i try to reload page i do this in
>> websocket init:
>>
>> {Cookie, Req2} = cowboy_req:cookie(<<"auth">>, Req),
>>
>> and there are no cookies
>>
>>
>> any ideas what i'm doing wrong?
>> is this even possible with websocket or do i pretty much have to have a
>> dedicated regular http roundtrip to set the auth cookie?
>>
>> Thanks
>>
>>
>>
>> _______________________________________________
>> erlang-questions mailing list
>> 
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
>>
>
>
> --
>
> OJ Reeves
> +61 431 952 586
> http://buffered.io/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20130130/59269f8c/attachment.html>


More information about the erlang-questions mailing list