Plug v1.10.3 Plug.Session.COOKIE View Source

Stores the session in a cookie.

This cookie store is based on Plug.Crypto.MessageVerifier and Plug.Crypto.MessageEncryptor which encrypts and signs each cookie to ensure they can't be read nor tampered with.

Since this store uses crypto features, it requires you to set the :secret_key_base field in your connection. This can be easily achieved with a plug:

plug :put_secret_key_base

def put_secret_key_base(conn, _) do
  put_in conn.secret_key_base, "-- LONG STRING WITH AT LEAST 64 BYTES --"
end

Options

  • :secret_key_base - the secret key base to built the cookie signing/encryption on top of. If one is given on initialization, the cookie store can precompute all relevant values at compilation time. Otherwise, the value is taken from conn.secret_key_base and cached.

  • :encryption_salt - a salt used with conn.secret_key_base to generate a key for encrypting/decrypting a cookie, can be either a binary or an MFA returning a binary;

  • :signing_salt - a salt used with conn.secret_key_base to generate a key for signing/verifying a cookie, can be either a binary or an MFA returning a binary;

  • :key_iterations - option passed to Plug.Crypto.KeyGenerator when generating the encryption and signing keys. Defaults to 1000;

  • :key_length - option passed to Plug.Crypto.KeyGenerator when generating the encryption and signing keys. Defaults to 32;

  • :key_digest - option passed to Plug.Crypto.KeyGenerator when generating the encryption and signing keys. Defaults to :sha256;

  • :serializer - cookie serializer module that defines encode/1 and decode/1 returning an {:ok, value} tuple. Defaults to :external_term_format.

  • :log - Log level to use when the cookie cannot be decoded. Defaults to :debug, can be set to false to disable it.

Examples

# Use the session plug with the table name
plug Plug.Session, store: :cookie,
                   key: "_my_app_session",
                   encryption_salt: "cookie store encryption salt",
                   signing_salt: "cookie store signing salt",
                   key_length: 64,
                   log: :debug

Link to this section Summary

Link to this section Functions

Callback implementation for Plug.Session.Store.delete/3.

Callback implementation for Plug.Session.Store.get/3.

Callback implementation for Plug.Session.Store.init/1.

Link to this function

put(conn, sid, term, opts)

View Source

Callback implementation for Plug.Session.Store.put/4.