Coherence.Authentication.Session (Coherence v0.8.0)
Implements session-based authentication. By default, it uses a Server for session state. Additionally, the session can be stored in a database with a Server-based cache.
The plug can be used to force a login for unauthenticated users for routes that need to be protected with a password.
For example:
plug Coherence.Authentication.Session, protected: true
will prompt the user to log in if they are accessing a route or controller that uses this plug.
For unprotected pages that don't require authorization but should still show logged-in user information, use the default:
plug Coherence.Authentication.Session
This will set the current_user for use in templates, but not allow access to protected pages.
By default, the user model for a logged-in user can be accessed with Coherence.current_user(conn), which is just a shortcut for conn.assigns[:current_user]. This can be changed with the global :assigns_key config option.
Controller Based Authentication
This plug can be used in either the router.ex file or in a controller file.
Database Persistence
To enable database persistence, implement the Coherence.DbStore protocol for your user model. You will also need to provide the :db_model option to the plug.
See the full guide on how to implement this in the project wiki: https://github.com/smpallen99/coherence/wiki/Session-token-Ecto-Persistance
You should be aware that the Server is still used to fetch the user data if it can be found there. If the key is not found, it checks the database. If a record is found in the database, the Server is updated and the user data is returned.
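The lookup order described above, sketched as a stand-alone script. This is an added example, not Coherence's code: `SessionLookup`, the two Agents standing in for the Server and the database, and the sample token are assumptions made for illustration.

```elixir
# Added illustration, not Coherence source. SessionLookup, both Agents and
# the sample token are hypothetical stand-ins.
defmodule SessionLookup do
  # `cache` plays the role of the Server, `db` the role of the database table.
  def start do
    {:ok, cache} = Agent.start_link(fn -> %{} end)
    {:ok, db} = Agent.start_link(fn -> %{} end)
    %{cache: cache, db: db}
  end

  # Create a login: persist the session and warm the cache.
  def create(%{cache: cache, db: db}, token, user_data) when not is_nil(user_data) do
    Agent.update(db, &Map.put(&1, token, user_data))
    Agent.update(cache, &Map.put(&1, token, user_data))
  end

  # Cache first, then database; a database hit repopulates the cache.
  def fetch(%{cache: cache, db: db}, token) do
    case Agent.get(cache, &Map.get(&1, token)) do
      nil ->
        case Agent.get(db, &Map.get(&1, token)) do
          nil ->
            :error

          user_data ->
            Agent.update(cache, &Map.put(&1, token, user_data))
            {:ok, user_data, :db}
        end

      user_data ->
        {:ok, user_data, :cache}
    end
  end

  # Delete from both stores; removing only the database row would leave
  # the cached entry answering lookups.
  def delete(%{cache: cache, db: db}, token) do
    Agent.update(cache, &Map.delete(&1, token))
    Agent.update(db, &Map.delete(&1, token))
  end
end

stores = SessionLookup.start()
token = "constructed-session-token"
SessionLookup.create(stores, token, %{id: 1, email: "user@example.com"})
# Simulate a restart: the in-memory cache is empty, the database row survives.
Agent.update(stores.cache, fn _ -> %{} end)
{:ok, _user, :db} = SessionLookup.fetch(stores, token)
{:ok, _user, :cache} = SessionLookup.fetch(stores, token)
SessionLookup.delete(stores, token)
:error = SessionLookup.fetch(stores, token)
```

The pattern matches at the end fail loudly if the lookup order differs: the first fetch after the simulated restart is served from the database, the second from the cache, and nothing is returned once both stores are cleared.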
This module is derived from https://github.com/lexmag/blaguth
Types
conn()
@type conn() :: Plug.Conn.t()
t()
@type t() :: Ecto.Schema.t() | map()
Functions
create_login(conn, user_data, opts \\ [])
Create a login for a user. user_data can be any term but must not be nil.
delete_login(conn, opts \\ [])
Delete a login.
update_login(conn, user_data, opts \\ [])
Update login store for a user. user_data can be any term but must not be nil.