[erlang-questions] setting cookies with cowboy websocket handler
JD Bothma
jbothma@REDACTED
Thu Jan 31 08:02:33 CET 2013
I'm not very familiar with cowboy but AFAIK generally...
The last opportunity to set a cookie over HTTP (e.g. with cowboy's resp
functions) is when you do the upgrade to websocket:
client -> GET /websocket.endpoint
server -> Upgrade : ... header; Cookie: header or whatever it looks like
So once you're talking over websocket, it's too late. If you really want to
set a cookie and auth over websocket, you can send the cookie over
websocket and set it using javascript on the client.
On 30 January 2013 01:36, Alex Babkin <ababkin@REDACTED> wrote:
> Hi all
>
> Imagine an auth protocol over a websocket: client sends credentials,
> server responds with either success or failure. If success, it should set
> some persistent state so if the user reloads the page, the session will
> continue until either logout or some timeout
>
> I'm trying to set a cookie from a websocket handler, such that after a
> page reload, in the websocket handler init i can try to read back the
> cookie and check for it's validity and if valid, resume the session without
> the user needing to login again
>
> here is some code i tried with no success, i.e upon reload, the cookie is
> no longer there (or perhaps is never getting set by the handler to begin
> with)
>
> websocket_handle({text, Input}, Req, State) ->
> lager:debug("stream received ~s", [Input]),
> Req2 = cowboy_req:set_resp_cookie(
> <<"auth">>,
> [<<"test">>],
> [{max_age, 600}, {path, "/"}, {secure, true}, {http_only, true}],
> Req
> ),
> {ok, Req3} = cowboy_req:reply(200, Req2),
> {ok, Req3, NewState}.
>
> ... or alternatively:
>
> {reply, {text, Output}, Req2, NewState}.
>
> as the last line
>
> after the socket terminates and i try to reload page i do this in
> websocket init:
>
> {Cookie, Req2} = cowboy_req:cookie(<<"auth">>, Req),
>
> and there are no cookies
>
>
> any ideas what i'm doing wrong?
> is this even possible with websocket or do i pretty much have to have a
> dedicated regular http roundtrip to set the auth cookie?
>
> Thanks
>
>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20130131/92121ec5/attachment.htm>
More information about the erlang-questions
mailing list