Pow Plug Session config not working

Rehman · August 20, 2020, 8:37am

Pow.Plug.Session @pow_config is not working for @credentials_cache_store and @session_ttl_renewal
i want to chnage expire time and ttl_renewal time

Endpoint code

defmodule AlivaWeb.Endpoint do
  use Phoenix.Endpoint, otp_app: :aliva
  # @pow_config otp_app: :aliva
  @pow_config [
    repo: Aliva.Repo,
    user: Aliva.Users.User,
    current_user_assigns_key: :current_user,
    session_key: "auth",
    credentials_cache_store: {Pow.Store.CredentialsCache,
                              ttl: :timer.minutes(1),
                              namespace: "credentials"},
    session_ttl_renewal: :timer.minutes(1),
    cache_store_backend: Pow.Store.Backend.EtsCache,
    users_context: Pow.Ecto.Users
  ]
  # The session will be stored in the cookie and signed,
  # this means its contents can be read but not tampered with.
  # Set :encryption_salt if you would also like to encrypt it.
  @session_options [
    store: :cookie,
    key: "_aliva_key",
    signing_salt: "LOlti+7w",
    max_age: 1 * 60
  ]

  socket "/socket", AlivaWeb.UserSocket,
    websocket: [
      connect_info: [pow_config: @pow_config]
    ],
    websocket: true,
    longpoll: false

  # socket "/live", Phoenix.LiveView.Socket, websocket: [connect_info: [session: @session_options]]

  # Serve at "/" the static files from "priv/static" directory.
  # You should set gzip to true if you are running phx.digest
  # when deploying your static files in production.
  plug Plug.Static,
    at: "/",
    from: :aliva,
    gzip: false,
    only: ~w(css fonts images js favicon.ico robots.txt)

  # Code reloading can be explicitly enabled under the
  # :code_reloader configuration of your endpoint.
  if code_reloading? do
    socket "/phoenix/live_reload/socket", Phoenix.LiveReloader.Socket
    plug Phoenix.LiveReloader
    plug Phoenix.CodeReloader
    plug Phoenix.Ecto.CheckRepoStatus, otp_app: :aliva
  end

  plug Phoenix.LiveDashboard.RequestLogger,
    param_key: "request_logger",
    cookie_key: "request_logger"

  plug Plug.RequestId
  plug Plug.Telemetry, event_prefix: [:phoenix, :endpoint]

  plug Plug.Parsers,
    parsers: [:urlencoded, :multipart, :json],
    pass: ["*/*"],
    json_decoder: Phoenix.json_library()

  plug Plug.MethodOverride
  plug Plug.Head

  plug Plug.Session, @session_options
  plug Pow.Plug.Session, @pow_config
  # plug Pow.Plug.Session, otp_app: :aliva
  # plug Pow.Plug.Session,
  #   otp_app: :aliva,
    # session_ttl_renewal: :timer.minutes(1),
    # credentials_cache_store: {Pow.Store.CredentialsCache, ttl: :timer.minutes(1)}

  plug AlivaWeb.Router
end

please help
thanks in advanced!

Schultzer · August 20, 2020, 12:41pm

To me, it looks like, you set the credentials_cache_store to expire after one minute (users have to re-login after a minute) and renewal is also a minute, so you would renew and expire at the same time (race condition).

By default credentials are 30 minutes and renewal is 15 minutes.

I would try to keep the config in one place, and I prefer to use /config.exs for global configurations, it looks to me, that you are setting config, multiply places, which is not good, and not DRY, this can lead to you overwriting configs, that you are not aware of, because it is scattered, around your code, instead of being in one place.