Do not use use a session cookie

no need for setting any cookies for a static site

apps/bob_versions_web/assets/js/liveview.js

@@ -8,13 +8,13 @@ try {
   timezone = "Etc/UTC"
 }
 
-let csrfToken =
-  document
-    .querySelector("meta[name='csrf-token']")
-    .getAttribute("content");
+// let csrfToken =
+//   document
+//     .querySelector("meta[name='csrf-token']")
+//     .getAttribute("content");
 
 let liveSocket = new LiveSocket("/live", Socket, {
-  params: { _csrf_token: csrfToken, timezone: timezone }
+  params: { timezone: timezone }
 });
 
 // connect if there are any LiveViews on the page

apps/bob_versions_web/lib/bob_versions_web/controllers/page_controller.ex

@@ -6,7 +6,7 @@ defmodule BobVersionsWeb.PageController do
       {_, text} ->
         data = BobVersions.text_to_data(text)
         stable = BobVersions.current_stable()
-        active = get_session(conn, "active_otp_version") || BobVersions.default_otp_version()
+        active = BobVersions.default_otp_version()
         render(conn, "index.html", data: data, active: active, stable: stable)
 
       :error ->

apps/bob_versions_web/lib/bob_versions_web/endpoint.ex

@@ -1,18 +1,17 @@
 defmodule BobVersionsWeb.Endpoint do
   use Phoenix.Endpoint, otp_app: :bob_versions_web
 
-  @session_options [
-    store: :cookie,
-    key: "_bob_versions_web_key",
-    signing_salt: "DtJrc3oC"
-  ]
+  # @session_options [
+  #   store: :cookie,
+  #   key: "_bob_versions_web_key",
+  #   signing_salt: "DtJrc3oC"
+  # ]
 
   socket "/socket", BobVersionsWeb.UserSocket,
     websocket: true,
     longpoll: false
 
-  socket "/live", Phoenix.LiveView.Socket,
-    websocket: [connect_info: [session: @session_options]]
+  socket "/live", Phoenix.LiveView.Socket
 
   # Serve at "/" the static files from "priv/static" directory.
   #
@@ -46,7 +45,7 @@ defmodule BobVersionsWeb.Endpoint do
   # The session will be stored in the cookie and signed,
   # this means its contents can be read but not tampered with.
   # Set :encryption_salt if you would also like to encrypt it.
-  plug Plug.Session, @session_options
+  # plug Plug.Session, @session_options
 
   plug BobVersionsWeb.Router
 end

apps/bob_versions_web/lib/bob_versions_web/router.ex

@@ -3,9 +3,9 @@ defmodule BobVersionsWeb.Router do
 
   pipeline :browser do
     plug :accepts, ["html"]
-    plug :fetch_session
-    plug :fetch_flash
-    plug :protect_from_forgery
+    # plug :fetch_session
+    # plug :fetch_flash
+    # plug :protect_from_forgery
     plug :put_secure_browser_headers
   end
 

apps/bob_versions_web/lib/bob_versions_web/templates/layout/app.html.eex

@@ -6,7 +6,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
     <title>Bob's List</title>
     <link rel="stylesheet" href="<%= Routes.static_path(@conn, "/css/app.css") %>"/>
-    <%= csrf_meta_tag() %>
+    <%#= csrf_meta_tag() %>
     <script type="text/javascript" src='<%= Routes.static_path(@conn, "/js/app.js") %>' defer></script>
   </head>
   <body>