A plug to handle session cookies and session stores.
The session is accessed via functions on Plug.Conn
. Cookies and session have to be fetched with Plug.Conn.fetch_session/1
before the session can be accessed.
The session is also lazy. Once configured, a cookie header with the session will only be sent to the client if something is written to the session in the first place.
When using Plug.Session
, also consider using Plug.CSRFProtection
to avoid Cross Site Request Forgery attacks.
See Plug.Session.Store
for the specification session stores are required to implement.
Plug ships with the following session stores:
:store
- session store module (required);:key
- session cookie key (required);:domain
- see Plug.Conn.put_resp_cookie/4
;:max_age
- see Plug.Conn.put_resp_cookie/4
;:path
- see Plug.Conn.put_resp_cookie/4
;:secure
- see Plug.Conn.put_resp_cookie/4
;:http_only
- see Plug.Conn.put_resp_cookie/4
;:same_site
- see Plug.Conn.put_resp_cookie/4
;:extra
- see Plug.Conn.put_resp_cookie/4
;Additional options can be given to the session store, see the store's documentation for the options it accepts.
plug Plug.Session, store: :ets, key: "_my_app_session", table: :session
Callback implementation for Plug.call/2
.
Callback implementation for Plug.init/1
.
Callback implementation for Plug.call/2
.
Callback implementation for Plug.init/1
.
© 2013 Plataformatec
Licensed under the Apache License, Version 2.0.
https://hexdocs.pm/plug/Plug.Session.html