The Pug Automatic

Persistent session data in Phoenix LiveView

Written May 22, 2020. Tagged Elixir, Phoenix LiveView.

I wrote previously about how to save persistent session data in the DB or in localStorage with Phoenix LiveView.

Third time's the charm – I now have a solution for storing it in the actual Plug/Phoenix session, based in large part on a solution that Martin Svalin shared.

The problem, again, is that there's no obvious way to save persistent session data in LiveView.

For example, I might implement a chat and want it to remember your username even if the page is reloaded, or you quit your browser and come back the next day.

LiveView is stateful, but keeps its state in a process that quits when you leave the page.

And since it only makes a single HTTP request initially to load the page (after that, it's all via WebSocket), we can't just set cookies or modify the Plug/Phoenix session as directly as we're used to – but as it turns out, we can do it in a roundabout way.

By default, Phoenix session data is stored in a cookie that is signed but not encrypted – the user can read it but can't modify it. Like localStorage, the data is stored client-side, so there's no need for a database dependency, and no need to worry about when to expire old session data. Unlike localStorage, it can be read server-side and can thus be present on the very first render of a LiveView.


I'm using LiveView 0.13.0.

A LiveView can't write to the session directly, so we'll instead have it trigger an Ajax request to our Phoenix app, which updates the session.

First, I modified my router to provide the endpoint for that Ajax call:

defmodule MyAppWeb.Router do
use MyAppWeb, :router

# …browser pipeline and routes…

pipeline :api do
plug :accepts, ["json"]
plug :fetch_session

scope "/api", MyAppWeb do
pipe_through :api

post "/session", SessionController, :set

Then I added the corresponding controller. It accepts only known keys ("username" and "some_other_value"). If we would blindly accept any key, users could set keys like "current_user_id", and nothing in the session could be trusted.

defmodule MyAppWeb.SessionController do
use MyAppWeb, :controller

def set(conn, %{"username" => username}), do: store_string(conn, :username, username)
def set(conn, %{"some_other_value" => some_other_value}), do: store_string(conn, :some_other_value, some_other_value)

defp store_string(conn, key, value) do
|> put_session(key, value)
|> json("OK!")

Then I made sure session cookies survive a restarted browser by setting max_age. Without this, your persistent data would only live for the duration of the browser session. If that's what you want, skip this step.

defmodule MyAppWeb.Endpoint do
use Phoenix.Endpoint, otp_app: :my_app

@session_options [
store: :cookie,
max_age: 9999999999, # Over 300 years.
key: "_my_app_key",
signing_salt: "abc123"

# …

Next, I define a LiveView hook to actually make this Ajax request.

In my case, I trigger the requests as you type (with a bit of debouncing so it doesn't happen on every single keystroke), but your needs may differ. You could have a hook trigger on blur instead, or on submit – with blur, you'd need to attach a hook to each form field.

let Hooks = {}
Hooks.SetSession = {

// Called when a LiveView is mounted, if it includes an element that uses this hook.
mounted() {
// `this.el` is the form.
this.el.addEventListener("input", (e) => {
this.timeout = setTimeout(() => {
// Ajax request to update session.
fetch(`/api/session?${}=${encodeURIComponent(}`, { method: "post" })

// Optionally, include this so other LiveViews can be notified of changes.
this.pushEventTo(".phx-hook-subscribe-to-session", "updated_session_data", [,])
}, this.DEBOUNCE_MS)

// Modifying this pre-existing code to include the hook.
let liveSocket = new LiveSocket("/live", Socket, {
params: {_csrf_token: csrfToken},
hooks: Hooks,

And finally, I add a phx-hook attribute to the form so that this hook will actually run:

<form phx-hook="SetSession">
<input type="text" name="username" value="<%= @username %>" />

That's it!

Now, any LiveView can load this data on mount:

defmodule MyAppWeb.SettingsLive do
use MyAppWeb, :live_view

@impl true
def mount(_params, session, socket) do
{:ok, assign(socket, username: session["username"])}

If, like me, you've got multiple sibling LiveViews mounted at the same time and want an updated session in one to affect another, that's possible too.

The hook above does

this.pushEventTo(".phx-hook-subscribe-to-session", "updated_session_data", [,])

This means that any LiveView can receive updates by putting the phx-hook-subscribe-to-session class anywhere in the rendered output, and listening to the "updated_session_data" event:

defmodule MyAppWeb.OtherLive do
use MyAppWeb, :live_view

def render(assigns) do
<div class="phx-hook-subscribe-to-session">
<p>Hello, <%= @username %>!</p>


# Loads session data on mount.
@impl true
def mount(_params, session, socket) do
{:ok, assign(socket, username: session["username"]}

# Also updates session data when notified.
@impl true
def handle_event("updated_session_data", ["username", username], socket) do
{:noreply, assign(socket, username: username)}

As always, I would love feedback and alternative solutions. Please write a comment below or on Twitter!