2 January 2018

TIL: How to Explicitly Set Session Expiration in Phoenix

By default Phoenix stores session data in browser cookies. I don’t know why, but I thought the default was for those cookies to never expire. It turns out by default they expire when the browser session ends. I found this out because my users weren’t able to stay logged in beyond a few days.

It took me a while to find it, but the documentation for Plug.Session options shows you can set the max_age key to the number of seconds for it to expire. Typically, your Plug.Session is configured in your lib/my_app_web/endpoint.ex file:

plug Plug.Session,
    store: :cookie,
    max_age: 24*60*60*37,       # 37 days
    key: "_my_app_key",
    signing_salt: "random signing salt"

Now my users will stay logged in for 37 days.

Heads up! This article may make reference to the Gaslight team—that's still us! We go by Launch Scout now, this article was just written before we re-introduced ourselves. Find out more here.

Related Posts

Want to learn more about the work we do?

Explore our work

Ready to start your software journey with us?

Contact Us