Sigra.Plug.FetchSession (Sigra v1.20.0)


Fetches the current user session, enforces timeouts, and assigns current_scope.

This plug reads the session token from the Plug session (key: :user_token), fetches the session from the configured session store, validates idle and absolute timeouts, throttles activity updates, and handles remember-me cookie rehydration.

If no valid session is found, current_scope is assigned as nil.

The session struct is stored in conn.private[:sigra_session] for downstream plugs (e.g., RequireSudo).

Cookies are set with HttpOnly: true, SameSite: Lax, and Secure: true by default. In development, override :secure to false via the :cookie_opts option.

Options

  • :config - A %Sigra.Config{} struct (contains session store, timeouts, etc.).
  • :scope_module - Module used to construct the scope from the user. Must export new/1.
  • :cookie_opts - Override default cookie security options.
  • :remember_me_cookie - Name of the remember-me cookie. Default: nil (disabled).

Example

plug Sigra.Plug.FetchSession,
  config: @sigra_config,
  scope_module: MyApp.Auth.Scope
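
The idle and absolute timeout checks and the throttled activity update described above, sketched as an added example (not Sigra's own code). The map keys created_at and last_active_at, the option names idle_timeout, absolute_timeout and touch_interval, and the order of the checks are assumptions made for illustration.

```elixir
defmodule SessionTimeoutSketch do
  @moduledoc "Illustrative only; key and option names are assumptions, not Sigra's."

  @doc """
  Returns {:ok, session} (possibly with a refreshed last_active_at)
  or {:expired, :absolute | :idle}. All limits are in seconds.
  """
  def check(%{created_at: created, last_active_at: last} = session, %DateTime{} = now, opts) do
    idle = Keyword.fetch!(opts, :idle_timeout)
    absolute = Keyword.fetch!(opts, :absolute_timeout)
    throttle = Keyword.fetch!(opts, :touch_interval)

    age = DateTime.diff(now, created)
    quiet = DateTime.diff(now, last)

    cond do
      # Absolute lifetime is checked first: activity can never extend it.
      age >= absolute -> {:expired, :absolute}
      # Idle limit is measured from the last recorded activity.
      quiet >= idle -> {:expired, :idle}
      # Throttle: refresh the timestamp only when the stored one is stale,
      # so most requests do not cause a session-store write.
      quiet >= throttle -> {:ok, %{session | last_active_at: now}}
      true -> {:ok, session}
    end
  end
end

# Constructed sample data: 30 min idle limit, 8 h absolute limit, 60 s throttle.
t0 = ~U[2024-01-01 09:00:00Z]
opts = [idle_timeout: 1800, absolute_timeout: 28_800, touch_interval: 60]
session = %{created_at: t0, last_active_at: t0}

# 30 s later: still valid and returned unchanged (below touch_interval).
{:ok, ^session} = SessionTimeoutSketch.check(session, DateTime.add(t0, 30), opts)

# 10 min later: still valid, last_active_at is refreshed.
{:ok, touched} = SessionTimeoutSketch.check(session, DateTime.add(t0, 600), opts)

# 31 min after the last recorded activity: idle expiry.
late = DateTime.add(touched.last_active_at, 1860)
{:expired, :idle} = SessionTimeoutSketch.check(touched, late, opts)

# Continuously active user at the 8 h mark: absolute expiry despite recent activity.
busy = %{session | last_active_at: DateTime.add(t0, 28_790)}
{:expired, :absolute} = SessionTimeoutSketch.check(busy, DateTime.add(t0, 28_800), opts)
```

Saved as a .exs file and run with elixir, the script exits silently when every pattern match holds and raises a MatchError otherwise.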

Functions

call(conn, opts)

(since 0.4.0)

Fetch the current user session, enforce timeouts, and assign current_scope.

init(opts)

(since 0.4.0)

Initialize the plug with the given options.

Merges default cookie security options with any user-provided overrides.