cconstantin / plug_rails_cookie_session_store

Rails compatible Plug session store
MIT License

LiveView Configuration Issue - LiveView session was misconfigured or the user token is outdated #16

Open AlanMcCann opened 4 years ago

AlanMcCann commented 4 years ago

Has anyone been able to get this working with LiveView or have any recommendations as to how I might debug this issue...

I am starting with https://github.com/dersnek/chirp as a working application

I get the following errors after setting everything up per the instructions... it seems like everything is as it should be

[debug] LiveView session was misconfigured or the user token is outdated.

1) Ensure your session configuration in your endpoint is in a module attribute:

    @session_options [
      ...
    ]

2) Change the `plug Plug.Session` to use said attribute:

    plug Plug.Session, @session_options

3) Also pass the `@session_options` to your LiveView socket:

    socket "/live", Phoenix.LiveView.Socket,
      websocket: [connect_info: [session: @session_options]]

4) Define the CSRF meta tag inside the `<head>` tag in your layout:

    <%= csrf_meta_tag() %>

5) Pass it forward in your app.js:

    let csrfToken = document.querySelector("meta[name='csrf-token']").getAttribute("content");
    let liveSocket = new LiveSocket("/live", Socket, {params: {_csrf_token: csrfToken}});

[info] REFUSED CONNECTION TO Phoenix.LiveView.Socket in 452µs
  Transport: :websocket
  Serializer: Phoenix.Socket.V2.JSONSerializer
  Parameters: %{"_csrf_token" => "Kzo_DhAfHjhVMH19RkUJfxEHICQcIQdqfNqFJyuA9ADH26DLUuWfnbQG", "vsn" => "2.0.0"}

My endpoint.ex file has the following sections:

  @session_options [
    store: PlugRailsCookieSessionStore,
    key: "_chirp_key",
    secure: true,
    signing_with_salt: true,
    signing_salt: "signed cookie",
    encrypt: true,
    encryption_salt: "signed encrypted cookie",
    key_iterations: 1000,
    key_length: 64,
    key_digest: :sha,
    serializer: Poison
  ]
  socket "/socket", ChirpWeb.UserSocket,
    websocket: true,
    longpoll: false

  socket "/live", Phoenix.LiveView.Socket, websocket: [connect_info: [session: @session_options]]
  plug Plug.MethodOverride
  plug Plug.Head
  plug Plug.Session, @session_options
  plug ChirpWeb.Router

AlanMcCann commented 4 years ago

The main issue appears to have been using secure: true locally without https. Removing that allows for everything to be working as a standalone. I did learn that my Rails 5.2 config has the signing secret created with :aes_256_cbc and the secret with :aes_256_gcm so figuring that out next.
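
Following the finding in the last comment, one way to keep `secure: true` on HTTPS deployments while turning it off only for local plain-HTTP development (an added example, not code from the issue or from the project). The `Secure` attribute tells the browser to send the cookie only over HTTPS. Assumptions: the `:secure_session_cookie` config key is hypothetical, the `:chirp` OTP app name is inferred from the `ChirpWeb` module names, and `Application.compile_env/3` requires Elixir 1.10 or later.

```elixir
# --- add to config/dev.exs (local development over plain http) ---
# Hypothetical key: lets the browser send the session cookie over http.
config :chirp, :secure_session_cookie, false

# --- add to config/prod.exs (served over https) ---
config :chirp, :secure_session_cookie, true

# --- lib/chirp_web/endpoint.ex ---
defmodule ChirpWeb.Endpoint do
  use Phoenix.Endpoint, otp_app: :chirp

  # Read at compile time. The default is true, so an environment that
  # forgets to set the key still gets a Secure cookie (fails safe).
  @secure_cookie Application.compile_env(:chirp, :secure_session_cookie, true)

  # One attribute shared by Plug.Session and the LiveView socket, so both
  # sides read the cookie with identical options.
  @session_options [
    store: PlugRailsCookieSessionStore,
    key: "_chirp_key",
    secure: @secure_cookie,
    signing_with_salt: true,
    signing_salt: "signed cookie",
    encrypt: true,
    encryption_salt: "signed encrypted cookie",
    key_iterations: 1000,
    key_length: 64,
    key_digest: :sha,
    serializer: Poison
  ]

  socket "/live", Phoenix.LiveView.Socket,
    websocket: [connect_info: [session: @session_options]]

  plug Plug.MethodOverride
  plug Plug.Head
  plug Plug.Session, @session_options
  plug ChirpWeb.Router
end
```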