How to extend the session timeout?

I am trying to extend the session timeout, how should I do it?

Any context would help.

What are you using? Which library are you using, which framework are you using, what did you try first? etc.

Ok, I am using the Phoenix framework.
The application needs authentication so the session always times out. I tried setting the timeout in config/dev.ex thus:

config :ration, RationWeb.Endpoint,
  http: [
    port: 4000,
    protocol_options: [
      # Cowboy HTTP option, in milliseconds (36_000_000 ms = 10 hours)
      idle_timeout: 36_000_000
    ]
  ],

But this is not working.
What else do I do?

idle_timeout has nothing to do with the session handling of Phoenix, but is an HTTP timeout as described in Nine Nines: cowboy_http(3).

The default session handling included in Phoenix is using Plug.Session. Plug.Session defaults to cookie-based session handling, with a default :max_age of 1 day (when signed (default) or encoded). You can customize this to be more or less than 1 day, but given you tried to configure idle_timeout to 10h, I’m wondering if something else is off for you here.


Can you please let me know how to handle this issue?

Hi @Winifred, in order to help you it’s important to know more precisely what the issue is and how you tried to solve it so far.

Did you already implement authentication in your app? If yes, how?

What leads you to infer that the session times out? Does it happen right away or after a while?

If you can share some code related to handling of sessions or authentication in your app it might also help.

With some more information, I am sure someone will be able to guide you towards a solution.

Ok,
I have already implemented authentication. I am working with an open source application.
The problem is that even if I am working on the application, after some time the user is logged out.
Initially, I tried adding a timeout in config/dev.ex as I shared before; that did not work. I also created a module for session timeout.

defmodule Auth.SlidingSessionTimeout do
  # Sliding (inactivity) timeout: every request pushes the expiry forward by
  # :timeout_after_seconds; a request arriving after the stored expiry logs out.
  import Plug.Conn

  def init(opts \\ []) do
    Keyword.merge([timeout_after_seconds: 3600], opts)
  end

  def call(conn, opts) do
    timeout_at = get_session(conn, :session_timeout_at)

    if timeout_at && now() > timeout_at do
      logout_user(conn)
    else
      # Active request (or first request of the session): extend the deadline.
      put_session(conn, :session_timeout_at, new_session_timeout_at(opts[:timeout_after_seconds]))
    end
  end

  # Drops the session data and rotates the session ID. The pipeline is not
  # halted; later plugs can react to conn.assigns.session_timeout.
  defp logout_user(conn) do
    conn
    |> clear_session()
    |> configure_session(renew: true)
    |> assign(:session_timeout, true)
  end

  # Current time as Unix seconds, stored in the session as a plain integer.
  defp now do
    DateTime.utc_now() |> DateTime.to_unix()
  end

  defp new_session_timeout_at(timeout_after_seconds) do
    now() + timeout_after_seconds
  end
end

I called this from the router:

pipeline :browser do
  plug :accepts, ["html"]
  plug :fetch_session
  plug :fetch_flash
  plug :protect_from_forgery
  plug :put_secure_browser_headers
  plug Auth.SlidingSessionTimeout, timeout_after_seconds: 86400
end

and this didn’t work either. So that is why I am here.

I apologize, I just may not be able to share my code.

The authentication was achieved using phx.gen.auth

That’s very normal and is a classic security measure. Sessions always expire.

You want eternal sessions that never expire? Or you want them to expire after more time than they do now?

At first glance, the code that implements the sliding session seems correct (I did not test it though, I am browsing on mobile now). Do you get logged out after closing the browser, or even while the browser is open? In the first case, it might be due to the session cookie being deleted after closing the browser (usually the default).
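The cookie-store session lifetime that the two replies above point at (the default :max_age of 1 day in Plug.Session, and the session cookie being dropped when the browser closes because it carries no Max-Age) is set in the endpoint's session options, not in Cowboy's protocol_options. The following is an added example, not code from this thread or from the phx.gen.auth generator: the module path is taken from the RationWeb.Endpoint name used in the thread, and the cookie key and signing salt are placeholders.

```elixir
# lib/ration_web/endpoint.ex (path and module assumed from the RationWeb.Endpoint
# name in the thread; "_ration_key" and the salt are placeholders).
defmodule RationWeb.Endpoint do
  use Phoenix.Endpoint, otp_app: :ration

  # Cookie-store session options, passed to Plug.Session below.
  #
  # Weak/default form, as generated:
  #
  #   @session_options [store: :cookie, key: "_ration_key", signing_salt: "..."]
  #
  # Without :max_age the cookie has no Max-Age attribute, so the browser treats it
  # as a session cookie and discards it on close, and the signed contents are only
  # accepted for Plug.Session's default of 1 day (per the reply above).
  #
  # Corrected form: :max_age is in seconds; 30 days here. Check the Plug.Session
  # and Plug.Session.COOKIE docs for your Plug version to confirm how :max_age
  # applies to both the cookie attribute and the signed-content validity.
  @session_options [
    store: :cookie,
    key: "_ration_key",
    signing_salt: "CHANGE_ME_signing_salt",
    same_site: "Lax",
    max_age: 60 * 60 * 24 * 30
  ]

  # Not related to the session: Cowboy's idle_timeout under
  # config :ration, RationWeb.Endpoint, http: [protocol_options: [...]]
  # closes idle HTTP connections and never touches the cookie.

  plug Plug.RequestId

  plug Plug.Parsers,
    parsers: [:urlencoded, :multipart, :json],
    pass: ["*/*"],
    json_decoder: Phoenix.json_library()

  plug Plug.MethodOverride
  plug Plug.Head
  plug Plug.Session, @session_options
  plug RationWeb.Router
end
```

After restarting the server, log in again and inspect the _ration_key cookie in the browser's developer tools: it should now show an Expires/Max-Age value instead of "Session". The sliding timeout plug posted earlier then works on top of this; if the cookie itself is gone, that plug never sees its :session_timeout_at value and cannot help.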