How do you add Persistent Authentication?

I just noticed that Guardian doesn’t have persistence by default, meaning if a user restarts the browser, he/she will have to log in again. What would be the best way to achieve this? Can I just save the tokens to cookies and go from there?

Sounds like you are mixing concerns. Guardian is used for JWT, so things like API pipelines and such. Users should (usually) still have a cookie session (whether that is by storing a JWT in it via Guardian or not…). :slight_smile:

@OvermindDL1 Am I mixing concerts? I’m probably too spoiled from using Meteor’s Accounts library. Anyhow, is there an example on how to manage authentication in a cookie or LocalStorage?

IMHO, the cookie issued for you is session cookie. You have to set ttl for Guardian like these:

config :guardian, Guardian,
  ttl: { 100, :days },

I already have that set but I get logged out when I restart the browser.

Is there max_age in your Plug.Session? like lib/[your app]/endpoint.ex:

plug Plug.Session,
  store: :cookie,
  key: "xxxx",
  signing_salt: "xxx",
  max_age: 36000

omg… That’s it! Thank you so much!

1 Like