TIL: How to Explicitly Set Session Expiration in Phoenix

By default Phoenix stores session data in browser cookies. I don’t know why, but I thought the default was for those cookies to never expire. It turns out by default they expire when the browser session ends. I found this out because my users weren’t able to stay logged in beyond a few days.

It took me a while to find it, but the documentation for Plug.Session options shows you can set the max_age key to the number of seconds for it to expire. Typically, your Plug.Session is configured in your lib/my_app_web/endpoint.ex file:

plug Plug.Session,
    store: :cookie,
    max_age: 24*60*60*37,       # 37 days
    key: "_my_app_key",
    signing_salt: "random signing salt"

Now my users will stay logged in for 37 days.

Related Posts

Like what you're seeing? Let's keep in touch.

Subscribe to Our Newsletter