I am trying to extend the timeout session. How should I do it?
Any context would help.
What are you using, which library are you using, which framework are you using, what did you try first, etc.?
OK, I am using the Phoenix framework.
The application needs authentication so the session always times out. I tried setting the timeout in config/dev.ex thus:
```elixir
config :ration, RationWeb.Endpoint,
  http: [
    port: 4000,
    protocol_options: [
      idle_timeout: 36_000_000
    ]
  ]
```
But this is not working.
What else do I do?
idle_timeout has nothing to do with the session handling of Phoenix, but is an HTTP timeout as described in Nine Nines: cowboy_http(3).
The default session handling included in Phoenix is using Plug.Session. Plug.Session defaults to cookie based session handling, with a default :max_age of 1 day (when signed (default) or encoded). You can customize this to be more or less than 1 day, but given you tried to configure idle_timeout to 10h I’m wondering if something else is off for you here.
Can you please let me know how to handle this issue?
Hi @Winifred, in order to help you it’s important to know more precisely what the issue is, and how you tried to solve it so far.
Did you already implement authentication in your app? If yes, how?
What leads you to infer that the session times out? Does it happen right away or after a while?
If you can share some code related to handling of sessions or authentication in your app it might also help.
With some more information, I am sure someone will be able to guide you towards a solution.
I have already implemented authentication. I am working with an open source application.
The problem is that even if I am working on the application, after some time, the user is logged out.
Initially, I tried adding a timeout in config/dev.ex as I shared before; that did not work. Also, I created a module for session timeout:
```elixir
defmodule Auth.SlidingSessionTimeout do
  import Plug.Conn

  # Default timeout is one hour unless overridden in the router.
  def init(opts \\ []) do
    Keyword.merge([timeout_after_seconds: 3600], opts)
  end

  def call(conn, opts) do
    timeout_at = get_session(conn, :session_timeout_at)

    if timeout_at && now() > timeout_at do
      logout_user(conn)
    else
      # Still active: slide the expiry forward on every request.
      put_session(conn, :session_timeout_at, new_session_timeout_at(opts[:timeout_after_seconds]))
    end
  end

  # Drop the session data and issue a fresh session cookie.
  defp logout_user(conn) do
    conn
    |> clear_session()
    |> configure_session(renew: true)
    |> assign(:session_timeout, true)
  end

  defp now do
    DateTime.utc_now() |> DateTime.to_unix()
  end

  defp new_session_timeout_at(timeout_after_seconds) do
    now() + timeout_after_seconds
  end
end
```
I called this from the router:
```elixir
pipeline :browser do
  plug :accepts, ["html"]
  plug :fetch_session
  plug :fetch_flash
  plug :protect_from_forgery
  plug :put_secure_browser_headers
  plug Auth.SlidingSessionTimeout, timeout_after_seconds: 86400
end
```
And this didn’t work either. So that is why I am here.
I apologize, I just may not be able to share my code.
The authentication was achieved using phx.gen.auth
That’s very normal and is a classic security measure. Sessions always expire.
You want eternal sessions that never expire? Or you want them to expire after more time than they do now?
At first glance, the code that implements the sliding session seems correct (I did not test it though, I am browsing on mobile now). Do you get logged out after closing the browser, or even while the browser is open? In the first case, it might be due to the session cookie being deleted after closing the browser (usually the default).
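The following script is an added example, not part of the thread or of the poster's application. It shows the two points made in the replies above: the session lifetime is a `Plug.Session` cookie option rather than Cowboy's `idle_timeout`, and a session cookie sent without `:max_age` carries no expiry attribute, so the browser drops it on close. The cookie key, signing salt, secret and stored value are constructed, and fetching `plug` through `Mix.install` is an assumption about the environment.

```elixir
# Stand-alone script; Mix.install fetches Plug on first run (assumed available).
Mix.install([{:plug, "~> 1.14"}])

defmodule SessionCookieDemo do
  import Plug.Conn
  import Plug.Test, only: [conn: 2]

  # Constructed secret; the cookie store needs at least 64 bytes.
  @secret_key_base String.duplicate("x", 64)

  # Constructed stand-in for the session options a generated Phoenix
  # endpoint typically passes to `plug Plug.Session`.
  @base_opts [store: :cookie, key: "_ration_key", signing_salt: "demo-salt"]

  # Runs one request through Plug.Session and returns the Set-Cookie
  # header values the browser would receive.
  def set_cookie_headers(extra_opts) do
    opts = Plug.Session.init(@base_opts ++ extra_opts)

    conn(:get, "/")
    |> Map.put(:secret_key_base, @secret_key_base)
    |> Plug.Session.call(opts)
    |> fetch_session()
    |> put_session(:user_token, "constructed-token")
    |> send_resp(200, "ok")
    |> get_resp_header("set-cookie")
  end

  # True when the cookie carries an explicit lifetime attribute.
  def persistent?(headers) do
    Enum.any?(headers, &String.contains?(String.downcase(&1), "max-age="))
  end
end

# No :max_age: a browser-session cookie, removed when the browser closes.
browser_session = SessionCookieDemo.set_cookie_headers([])

# 10 hours, the lifetime the idle_timeout setting was meant to give,
# expressed in seconds where Plug.Session expects it.
ten_hours = SessionCookieDemo.set_cookie_headers(max_age: 10 * 60 * 60)

IO.inspect(browser_session, label: "without max_age")
IO.inspect(SessionCookieDemo.persistent?(browser_session), label: "persistent?")
IO.inspect(ten_hours, label: "with max_age")
IO.inspect(SessionCookieDemo.persistent?(ten_hours), label: "persistent?")
```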