riverrun / phauxth

Not actively maintained - Authentication library for Phoenix, and other Plug-based, web applications

Confusion over Phauxth.Remember :max_age #113

Closed michaeljones closed 4 years ago

michaeljones commented 4 years ago

Environment

$ elixir --version
Erlang/OTP 22 [erts-10.6.4] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:1]
Elixir 1.10.1 (compiled with Erlang/OTP 21)

on Ubuntu 19.10

Issue

I am quite new to Elixir & Phoenix so I am sorry if this is a mistake on my part. I'm trying to understand how to extend the max_age of the remember_me cookie.

From this comment, it seems like I could provide a :max_age option. I initially thought I was meant to add this to config.exs next to token_module and user_context, which are also listed. However, from my understanding of the init code, I should pass max_age as an option to the plug line like:

plug Phauxth.Remember, max_age: two_months_in_seconds

But when I look at the add_rem_cookie code here it seems to use the @max_age in the module but not attempt to access the :max_age option at all? Is that correct or am I misreading it? It is possible that somehow the :max_age option maps to @max_age in a manner that I am not familiar with yet but inspecting the max_age cookie in the browser shows it using @max_age rather than the :max_age option.

Anyway, thanks for providing this project. It has been very helpful in getting started with a new Phoenix project when I am quite unfamiliar with the ecosystem & setup.

riverrun commented 4 years ago

First, it is right that you need to add max_age to the plug line if you are using Phoenix.Token as a backend to your token module.

You need to use add_rem_cookie when creating the new session (after login). See this example.

As for setting the cookie's max_age, the add_rem_cookie function uses @max_age by default, but you can set your own max_age. For example, add_rem_cookie(conn, user_id, 604_800 * 2) would set it to two weeks.

Closing this issue now, but if you have any further questions, just let me know.
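
The two settings discussed in this thread, wired to a single value so that the cookie lifetime and the token validity window stay aligned. This is an added example, not part of the thread or of Phauxth's own code. It assumes a Phoenix application; MyAppWeb, MyAppWeb.RememberLifetime, MyApp.Accounts.authenticate/1 and the "remember_me" form field are hypothetical names.

```elixir
# Added illustration. Only `plug Phauxth.Remember, max_age: ...` and
# `add_rem_cookie(conn, user_id, max_age)` come from the thread above;
# every other name here is hypothetical.

defmodule MyAppWeb.RememberLifetime do
  # One definition of the remember-me lifetime, in seconds.
  # "Two months" is approximated here as 60 days (an assumption).
  @seconds 60 * 60 * 24 * 60
  def seconds, do: @seconds
end

defmodule MyAppWeb.Router do
  use MyAppWeb, :router

  pipeline :browser do
    plug :fetch_session
    # Other plugs omitted. With a Phoenix.Token-backed token module, this
    # option controls how old a remember-me token may be and still verify.
    plug Phauxth.Remember, max_age: MyAppWeb.RememberLifetime.seconds()
  end
end

defmodule MyAppWeb.SessionController do
  use MyAppWeb, :controller

  alias MyAppWeb.RememberLifetime

  def create(conn, %{"session" => params}) do
    # authenticate/1 is a hypothetical stand-in for the app's login check.
    case MyApp.Accounts.authenticate(params) do
      {:ok, user} ->
        conn
        |> maybe_remember(user, params)
        |> redirect(to: "/")

      {:error, _reason} ->
        conn
        |> put_flash(:error, "Invalid credentials")
        |> redirect(to: "/sessions/new")
    end
  end

  # Third argument sets the cookie's max_age; without it the module's
  # default @max_age is used, which is what the issue author observed.
  defp maybe_remember(conn, user, %{"remember_me" => "true"}) do
    Phauxth.Remember.add_rem_cookie(conn, user.id, RememberLifetime.seconds())
  end

  defp maybe_remember(conn, _user, _params), do: conn
end
```

If the two values diverge, either the browser keeps a cookie whose token no longer verifies, or the token stays valid longer than the cookie lifetime the application intended to grant.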