Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Session cookie Expires/Max-Age not in sync with expiration_in_seconds #84

Open
jarmo opened this issue Nov 28, 2021 · 0 comments
Open

Comments

@jarmo
Copy link

jarmo commented Nov 28, 2021

I expected a problem where I did configure Plug.Session like this:

plug Plug.Session,
    store: :redis,
    key: "_session_key",
    expiration_in_seconds: 60

This did work as expected - user was logged out after 60 seconds. However, I also noticed that the cookie, which holds session id does not have Expires/Max-Age set, which means that this is essentially a Session cookie which might get deleted after browser restart.

This causes a problem where expiration_in_seconds is set to a longer period (months, for example), but user still needs to relogin after each browser restart.

That kind of a behavior was unexpected to me since I would have expected that the cookie expiration will be the same as expiration_in_seconds. I did not also find any mentions about this behavior in the README.

I managed to solve this problem with the following configuration:

plug Plug.Session,
    store: :redis,
    key: "_session_key",
    expiration_in_seconds: 60,
    max_age: 60

If this behavior is intentional then maybe at least mention it in the README?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant