riverrun / phauxth

Not actively maintained - Authentication library for Phoenix, and other Plug-based, web applications

[BUG] Remember cookie doesn't last full time #111

Closed dfalling closed 4 years ago

dfalling commented 4 years ago

Environment

Current behavior

My session is invalidated after a day or two, and the Remember cookie doesn't seem to help it.

Expected behavior

As long as my Remember cookie is valid, a new session should be issued.

Additional information

I have both my Remember cookie and Session cookie set to last a week. I've inspected them in my browser and they both have a week of life left, but my client will still be rejected. When it's rejected, I've noticed that my session cookie still exists (though I know this doesn't mean the session in the DB is still valid), but my Remember cookie has been deleted.

I see that the Remember plug calls `def set_user(nil, conn), do: super(nil, delete_rem_cookie(conn))` but am having trouble tracking this down. What scenarios will cause this to happen?

riverrun commented 4 years ago

You say that the session cookie is set to last a week, but how long does the session last in the DB?

dfalling commented 4 years ago

Oh, is there something extra I need to do to make the Remember session last a week in the DB as well? I had thought it was purely a cookie and wasn't being written to the DB.

riverrun commented 4 years ago

> Oh, is there something extra I need to do to make the Remember session last a week in the DB as well? I had thought it was purely a cookie and wasn't being written to the DB.

No, I was just asking about the session cookie, but on reflection, I don't think that's the problem.

I suspect that the problem is that the `token_module` is not verifying the token (in the cookie) correctly. Could you check to see if the `token_module` is validating the user?

dfalling commented 4 years ago

Sure, what's the best way to check that? I haven't seen anything in the logs aside from general no user found messages.

riverrun commented 4 years ago

First of all, if you want to check how the remember me function is working, you need to set the session cookie to a short time - for testing purposes, just a few seconds.

Then, in the token module that you have defined, add `IO.inspect` to the line that you are returning in the `verify` function. For example, if you are following the example, make the final line of the `verify` function `IO.inspect Token.verify(Endpoint, @token_salt, token, opts)`.

If that doesn't work, you will need to edit the `remember.ex` file in the `deps/phauxth/lib/phauxth` directory, changing lines 97 and 98 to:

    with {:ok, user_id} <- token_module.verify(token, opts),
         do: IO.inspect(get_user({:ok, %{"user_id" => user_id}}, user_context))

and after making these changes, run `mix deps.compile`.

The `get_user` function is defined in the `lib/phauxth/authenticate/base.ex` file.

I am afraid I might not be able to help you much over the next couple of weeks, as I am going away on a retreat later today.
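
An added example, not part of the thread or of Phauxth's own code: a token module shaped like the one the comment above refers to, with `verify` logging the reason `Phoenix.Token` gives for a rejection rather than a bare `IO.inspect`. The module names `MyAppWeb.Auth.Token` and `MyAppWeb.Endpoint`, the salt and the `log_result` helper are assumptions, and the module is meant to be compiled inside a Phoenix application that has Phauxth as a dependency.

```elixir
defmodule MyAppWeb.Auth.Token do
  # Hypothetical token module (names assumed). It implements the
  # Phauxth.Token behaviour on top of Phoenix.Token, and is the module
  # the Remember plug reaches through token_module.verify(token, opts).
  @behaviour Phauxth.Token

  require Logger

  alias Phoenix.Token
  alias MyAppWeb.Endpoint

  # Constructed salt, for illustration only.
  @token_salt "constructed-example-salt"

  @impl true
  def sign(data, opts \\ []) do
    Token.sign(Endpoint, @token_salt, data, opts)
  end

  @impl true
  def verify(token, opts \\ []) do
    Endpoint
    |> Token.verify(@token_salt, token, opts)
    |> log_result(opts)
  end

  # Temporary debugging aid: record the outcome, never the token itself,
  # and pass the result through unchanged so behaviour stays the same.
  defp log_result({:ok, data} = result, _opts) do
    Logger.debug("remember token verified: #{inspect(data)}")
    result
  end

  defp log_result({:error, reason} = result, opts) do
    # Phoenix.Token.verify/4 reports :expired, :invalid or :missing here.
    Logger.info("remember token rejected: #{inspect(reason)}, opts: #{inspect(opts)}")
    result
  end
end
```

Remove the logging once the failing case has been identified, since the verified data identifies the user.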

dfalling commented 4 years ago

Wow thank you, this gives me a lot to go on! I'll reopen this if I hit any walls but I think this should take care of me. Thanks!