View Source Plug.Session (Plug v1.16.0)
A plug to handle session cookies and session stores.
The session is accessed via functions on Plug.Conn
. Cookies and
session have to be fetched with Plug.Conn.fetch_session/1
before the
session can be accessed.
The session is also lazy. Once configured, a cookie header with the session will only be sent to the client if something is written to the session in the first place.
When using Plug.Session
, also consider using Plug.CSRFProtection
to avoid Cross Site Request Forgery attacks.
Session stores
See Plug.Session.Store
for the specification session stores are required to
implement.
Plug ships with the following session stores:
Options
:store
- session store module (required);:key
- session cookie key (required);:domain
- seePlug.Conn.put_resp_cookie/4
;:max_age
- seePlug.Conn.put_resp_cookie/4
;:path
- seePlug.Conn.put_resp_cookie/4
;:secure
- seePlug.Conn.put_resp_cookie/4
;:http_only
- seePlug.Conn.put_resp_cookie/4
;:same_site
- seePlug.Conn.put_resp_cookie/4
;:extra
- seePlug.Conn.put_resp_cookie/4
;
Additional options can be given to the session store, see the store's documentation for the options it accepts.
Examples
plug Plug.Session, store: :ets, key: "_my_app_session", table: :session