Skip to content

Instantly share code, notes, and snippets.

@qertoip
Last active July 18, 2023 15:33
Show Gist options
  • Save qertoip/87b6df3d8c15bb51ea868d53fcbe6736 to your computer and use it in GitHub Desktop.
Save qertoip/87b6df3d8c15bb51ea868d53fcbe6736 to your computer and use it in GitHub Desktop.
Elixir / Phoenix Sliding Session Timeout Plug
# How to use it:
#
# Plug it at the end of your :browser pipeline in your Phoenix app router.ex
# Make sure it is plugged before your session-based authentication and authorization Plugs.
#
# pipeline :browser do
# plug :accepts, ["html"]
# plug :fetch_session
# plug :fetch_flash
# plug :put_secure_browser_headers
# plug Auth.SlidingSessionTimeout, timeout_after_seconds: 3600 # <=
# end
#
defmodule Auth.SlidingSessionTimeout do
import Plug.Conn
def init(opts \\ []) do
Keyword.merge([timeout_after_seconds: 3600], opts)
end
def call(conn, opts) do
timeout_at = get_session(conn, :session_timeout_at)
if timeout_at && now() > timeout_at do
logout_user(conn)
else
put_session(conn, :session_timeout_at, new_session_timeout_at(opts[:timeout_after_seconds]))
end
end
defp logout_user(conn) do
conn
|> clear_session()
|> configure_session([:renew])
|> assign(:session_timeout, true)
end
defp now do
DateTime.utc_now() |> DateTime.to_unix
end
defp new_session_timeout_at(timeout_after_seconds) do
now() + timeout_after_seconds
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment