Cookie Session Storage

πŸ‘¨β€πŸ’Ό We're not talking about window.sessionStorage here. We're talking about storing information about the current session. For this feature, we want to be able to show the user a toast notification when they delete a note. And we'll want our solution to be generic enough to use for other notifications in the future.
We could definitely use one of many React libraries to accomplish this, but we're going to go OG with the web and use cookies. The idea is in our action for the deletion, we'll set a cookie that has the message we want to show. And then the root loader will read that cookie and send the data along to the UI where we'll display the toast notification.
πŸ§β€β™‚οΈ I've already implemented the UI bit for the toast notifications so you can focus on the session storage bit. Feel free to check out my work if you'd like to see what that involved.
πŸ‘¨β€πŸ’Ό Based on our requirements, we'll use Remix's createCookieSessionStorage API to create a session storage object that we can use to store and retrieve the toast information.
🐨 Please to initialize this session storage object.
🐨 Configure the cookie option with the following properties:
  • name: 'en_toast' - this is the name of the cookie that will be created and should be unique relative to other cookies on your domain ("en" is short for "Epic Notes").
  • sameSite: 'lax' - The cookie is sent with "safe" HTTP methods (like GET), and only when the request originates from the same site or when the user navigates to the URL from an external site, such as by following a link. This is a balance between security and usability, preventing the cookie from being sent with cross-site POST requests (which are often used in cross-site request forgery attacks), but still allowing the user to access content via regular navigation.
  • path: '/' - The cookie is sent for all requests on the domain.
  • httpOnly: true - The cookie is not accessible via JavaScript. This is important for security because it prevents cross-site scripting attacks from accessing the cookie.
  • secrets: process.env.SESSION_SECRET.split(',') - This is an array of secrets that will be used to sign the cookie. This is important for security because it prevents the cookie from being tampered with. It's an array so you can rotate their values over time. We are using an environment variable for the secret. So you'll need to add that to the file. Once you have that set, you can update so you have type-safe access to that environment variable.
  • secure: process.env.NODE_ENV === 'production' - The cookie is only sent over HTTPS. This is important for security because it prevents the cookie from being sent over an insecure connection. We only want to do this in production because while some browsers are fine ignoring this on localhost, Safari does not.
With that, you can add this to export all the bits of the sessionStorage so we can use them throughout the app:
export const toastSessionStorage = createCookieSessionStorage({
	// ...
})
There's no straightforward way to test that you've got this done correctly until the next step, so you may check the diff to make sure you got it right before moving on.
Login to get access to the exclusive discord channel.
  • general
    npm install everytime I setup a new playground
    Duki 🌌:
    Is it normal that I have to run `npm install` in my playground directory, everytime I setup the play...
    • βœ…1
    2 Β· 25 days ago
  • general
    Welcome to EpicWeb.dev! Say Hello πŸ‘‹
    Kent C. Dodds β—† πŸš€πŸ†πŸŒŒ:
    This is the first post of many hopefully!
    • 18
    81 Β· 10 days ago
  • πŸ”auth
    The latest web-auth workshop cannot be launch
    QzCurious 🌌:
    I've done: 1. Remove web-auth directory 2. Follow https://github.com/epicweb-dev/web-auth?tab=readme...
    • βœ…1
    7 Β· 2 months ago
  • general
    Migration to Vite: Server-only module referenced by client
    Fabian 🌌:
    Hi, I'm working on migrating to Vite following the remix docs (https://remix.run/docs/en/main/guides...
    • βœ…1
    1 Β· 3 months ago
  • πŸ”auth
    Github token added on refactor of connection model exercise
    abraham_aguilera 🌌:
    Where does the newly created `GITHUB_TOKEN` come from in the `resolveConnectionData` introduced in t...
    • βœ…1
    2 Β· 5 months ago
  • πŸ”auth
    Potential Security Concern with Empty Session Data in createCookieSessionStorage?
    QzCurious 🌌:
    Since session data can be an empty object, it seems possible that someone could guess when encrypted...
    • βœ…1
    6 Β· 2 months ago
  • general
    Remix Vite Plugin
    Binalfew πŸš€ 🌌:
    <@105755735731781632> Now that remix officially supports vite (though not stable) what does it mean...
    • βœ…1
    3 Β· a year ago
  • general
    πŸ”­foundations
    Solutions video on localhost:5639 ?
    quang πŸš€ 🌌:
    Hi, so I'm having a hard time navigating (hopefully will be better with time) The nav on epicweb.de...
    • βœ…1
    9 Β· a year ago
  • πŸ”auth
    Where are we getting target_type from?
    Salym πŸš€ πŸ† 🌌:
    I don't see target_type in ur verification schema, how are we generating this?
    • βœ…1
    9 Β· 5 months ago
  • πŸ”auth
    Unknown file extension ".png" for ".../user.png"
    TraderDave79 🌌:
    I'm going through the `web-auth` module and in the "Require Authenticated" exercise, after making th...
    • βœ…1
    9 Β· 6 months ago
  • πŸ”auth
    github.com refuses to connect in workshop app
    TraderDave79 🌌:
    Web Authentication / OAuth / 02. GitHub Strategy / Problem & Solution apps, when clicking "Login wit...
    • βœ…1
    3 Β· 5 months ago
  • general
    Epicshop is now social and mobile friendly!
    Kent C. Dodds β—† πŸš€πŸ†πŸŒŒ:
    I'm excited to announce that now the Epic Web workshops are mobile friendly! https://foundations.ep...
    • πŸŽ‰2
    0 Β· 5 months ago
  • πŸ’Ύdata
    general
    πŸ“forms
    πŸ”­foundations
    double underscore?
    trendaaang 🌌:
    What with the `__note-editor.tsx`? I don't see that in the Remix docs and I don't remember Kent talk...
    • βœ…1
    2 Β· 6 months ago
  • πŸ”auth
    RBAC with Entity scoping
    abraham_aguilera 🌌:
    Hi all! I'm working on implementing access control but I want to be able to scope permissions per en...
    • βœ…1
    3 Β· 6 months ago
  • πŸ”auth
    πŸ’Ύdata
    08. ROLE-BASED ACCESS / 02. ROLES SEED - migration to local vs production
    Fabian 🌌:
    So I'm in a bit over my head with this one, in particular with how migration works in a local env vs...
    • βœ…1
    1 Β· 6 months ago
  • πŸ”auth
    Redirect Cookie > 03. Redirect missing ProgressToggle form
    RomΓ‘n πŸ† πŸš€ 🌌:
    This last exercises of the Auth module isn't showing the ProgressToggle form for some reason. I fork...
    • βœ…1
    5 Β· a year ago
  • πŸ’Ύdata
    πŸ”auth
    Prisma batching in the Require Authorized (07/03/solution)
    ajara 🌌 πŸš€:
    When I did the `requireUser` function in `auth.server.ts` I thought about using `requireUserId` func...
    • βœ…1
    4 Β· 7 months ago
  • πŸ”­foundations
    πŸ’Ύdata
    general
    πŸ“forms
    πŸ”auth
    Native Logging
    trendaaang 🌌:
    I was thinking that it could be useful to log every CRUD operation to help track down errors. Is tha...
    • βœ…1
    6 Β· 7 months ago
  • general
    The video play is pretty laggy currently
    QzCurious 🌌:
    I thought I should tag you for this <@105755735731781632>. Please take a look if something wrong.
    • βœ…2
    9 Β· 8 months ago