View Source Plug.Session (Plug v1.14.0)
A plug to handle session cookies and session stores.
The session is accessed via functions on Plug.Conn
. Cookies and
session have to be fetched with Plug.Conn.fetch_session/1
before the
session can be accessed.
The session is also lazy. Once configured, a cookie header with the session will only be sent to the client if something is written to the session in the first place.
When using Plug.Session
, also consider using Plug.CSRFProtection
to avoid Cross Site Request Forgery attacks.
session-stores
Session stores
See Plug.Session.Store
for the specification session stores are required to
implement.
Plug ships with the following session stores:
options
Options
:store
- session store module (required);:key
- session cookie key (required);:domain
- seePlug.Conn.put_resp_cookie/4
;:max_age
- seePlug.Conn.put_resp_cookie/4
;:path
- seePlug.Conn.put_resp_cookie/4
;:secure
- seePlug.Conn.put_resp_cookie/4
;:http_only
- seePlug.Conn.put_resp_cookie/4
;:same_site
- seePlug.Conn.put_resp_cookie/4
;:extra
- seePlug.Conn.put_resp_cookie/4
;
Additional options can be given to the session store, see the store's documentation for the options it accepts.
examples
Examples
plug Plug.Session, store: :ets, key: "_my_app_session", table: :session