[erlang-questions] setting cookies with cowboy websocket handler

JD Bothma <>
Thu Jan 31 08:02:33 CET 2013


I'm not very familiar with cowboy but AFAIK generally...

The last opportunity to set a cookie over HTTP (e.g. with cowboy's resp
functions) is when you do the upgrade to websocket:

client -> GET /websocket.endpoint
server -> Upgrade : ... header; Cookie: header or whatever it looks like

So once you're talking over websocket, it's too late. If you really want to
set a cookie and auth over websocket, you can send the cookie over
websocket and set it using javascript on the client.


On 30 January 2013 01:36, Alex Babkin <> wrote:

> Hi all
>
> Imagine an auth protocol over a websocket: client sends credentials,
> server responds with either success or failure. If success, it should set
> some persistent state so if the user reloads the page, the session will
> continue until either logout or some timeout
>
> I'm trying to set a cookie from a websocket handler, such that after a
> page reload, in the websocket handler init i can try to read back the
> cookie and check for it's validity and if valid, resume the session without
> the user needing to login again
>
> here is some code i tried with no success, i.e upon reload, the cookie is
> no longer there (or perhaps is never getting set by the handler to begin
> with)
>
> websocket_handle({text, Input}, Req, State) ->
>   lager:debug("stream received ~s", [Input]),
>   Req2 = cowboy_req:set_resp_cookie(
>     <<"auth">>,
>     [<<"test">>],
>     [{max_age, 600}, {path, "/"}, {secure, true}, {http_only, true}],
>     Req
>   ),
>   {ok, Req3} = cowboy_req:reply(200, Req2),
>   {ok, Req3, NewState}.
>
> ... or alternatively:
>
> {reply, {text, Output}, Req2, NewState}.
>
> as the last line
>
> after the socket terminates and i try to reload page i do this in
> websocket init:
>
> {Cookie, Req2} = cowboy_req:cookie(<<"auth">>, Req),
>
> and there are no cookies
>
>
> any ideas what i'm doing wrong?
> is this even possible with websocket or do i pretty much have to have a
> dedicated regular http roundtrip to set the auth cookie?
>
> Thanks
>
>
>
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20130131/92121ec5/attachment.html>


More information about the erlang-questions mailing list