Hi all, sorry if this is a vague question. I have a Phoenix API set up with Pow, with the PowPersistentSession extension enabled (using mnesia). This is an API backend with a React app as the frontend. I was serving the React frontend at localhost:3000 and the Phoenix backend at localhost:4000. Since I plan to serve both the React & Phoenix apps through the same domain in production, I’m using cookie authentication.
Now the weird thing is, the persistent session gets dropped (i.e. Pow.Plug.RequireAuthenticated rejects my cookie) sometime in like less than an hour. Basically the frontend will just get logged out randomly. However, when I manually tested it, the session could indeed survive a backend server & frontend server restart.
I’m kinda lost on how to debug this issue. Could it be due to the frontend & backend being served on different ports or something…?
Here is some relevant config code:
# config.exs
# Configure Pow
config :myapp, :pow,
  user: MyApp.Users.User,
  repo: MyApp.Repo,
  web_module: MyAppWeb,
  extensions: [PowPersistentSession],
  controller_callbacks: Pow.Extension.Phoenix.ControllerCallbacks,
  cache_store_backend: Pow.Store.Backend.MnesiaCache

# endpoint.ex
...
  plug Plug.Session, @session_options
  plug Pow.Plug.Session, otp_app: :myapp
  plug PowPersistentSession.Plug.Cookie
  plug MyAppWeb.Router
end

# router.ex
pipeline :api do
  plug :accepts, ["json"]
end

pipeline :protected do
  plug Pow.Plug.RequireAuthenticated, error_handler: MyAppWeb.AuthErrorHandler
end
...
scope "/api", MyAppWeb do
  pipe_through [:api, :protected]
  # GET /session is the path that I get 401 back from
  resources "/session", SessionController, only: [:show, :delete], singleton: true
  resources "/clients", ClientController, only: [:index, :create, :show]
end

I’ve also added :mnesia to extra_applications in mix.exs and Pow.Store.Backend.MnesiaCache to the supervision tree.