Hi all, sorry if this is a vague question. I have a Phoenix API set up with Pow, with the `PowPersistentSession` extension enabled (using mnesia). This is an API backend with a React app as the frontend. I was serving the React frontend at `localhost:3000` and the Phoenix backend at `localhost:4000`. Since I plan to serve both the React & Phoenix apps through the same domain in production, I'm using cookie authentication.
Now the weird thing is, the persistent session gets dropped (i.e. `Pow.Plug.RequireAuthenticated` rejects my cookie) sometime in like less than an hour. Basically the frontend will just get logged out randomly. However, when I manually tested it, the session could indeed survive a backend server & frontend server restart.
I'm kinda lost on how to debug this issue. Could it be due to the frontend & backend being served on different ports or something…?
Here is some relevant config code:
```elixir
# config.exs

# Configure Pow
config :myapp, :pow,
  user: MyApp.Users.User,
  repo: MyApp.Repo,
  web_module: MyAppWeb,
  extensions: [PowPersistentSession],
  controller_callbacks: Pow.Extension.Phoenix.ControllerCallbacks,
  cache_store_backend: Pow.Store.Backend.MnesiaCache

# endpoint.ex
...
  plug Plug.Session, @session_options
  plug Pow.Plug.Session, otp_app: :myapp
  plug PowPersistentSession.Plug.Cookie
  plug MyAppWeb.Router
end

# router.ex
pipeline :api do
  plug :accepts, ["json"]
end

pipeline :protected do
  plug Pow.Plug.RequireAuthenticated,
    error_handler: MyAppWeb.AuthErrorHandler
end

...

scope "/api", MyAppWeb do
  pipe_through [:api, :protected]

  # GET /session is the path that I get 401 back from
  resources "/session", SessionController, only: [:show, :delete], singleton: true
  resources "/clients", ClientController, only: [:index, :create, :show]
end
```
I've also added `Pow.Store.Backend.MnesiaCache` to the supervision tree.