Java Play2 - From Session to Cookie

Update1:

Could you give me a small example of how to manage cookies and sessions in play2? (remember me)

Ok, I think I understand the basic concept of replay authentication.

Zentasks uses sessions. I know that sessions are only stored on the server. And the sessions in play2 are already signed. Cookies are not.

What if users want to stay logged in, even if they close the browser?

I will need to use a cookie.

What should I do?

Create a cookie that creates a session?

e.g.

  • User has a valid cookie.
  • get cookie val and create a new session

Or I completely cancel the sessions and instead use only cookies. Since play2 does not automatically sign the cookie, I have to do it myself, which I did.

response().setCookie("remember", Crypto.sign(rnd) + "-" + obj.getClass().getName() + "-" + rnd, 12000);

(I know that I have not yet protected it with the Secure and HttpOnly flags)

I just don't want to invent a new and damaged system. I hope you can understand how to make authentication secure in play2.

+4
2 answers

The session scope in Play is nothing more than a signed (secure) cookie (and it is stored on the client side, not the server side!)

From the above documents:

It is important to understand that Session and Flash data are not stored on the server, but added to each subsequent HTTP request using Cookies.

To keep the logged-in state, check whether the session scope key exists and matches any of your users.

The de facto scope does not automatically expire, so your user will be logged in until he clicks on the logout action link (in which you just need to destroy the session key) (only in some browsers).

+3
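
Added example, not from the question, the answer or Play itself: a remember-me cookie value built with plain JDK classes, where the HMAC covers the user id and the expiry together (in the question's cookie, `Crypto.sign(rnd)` covers only `rnd`, not the class name placed between the signature and `rnd`). The class name `RememberMeToken`, the `userId|expiry|mac` layout and the demo key are assumptions; the 12000-second lifetime is the max-age from the question.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class RememberMeToken {
    private static final String ALG = "HmacSHA256";
    private final byte[] key; // assumption: server-side secret, never sent to the client

    public RememberMeToken(byte[] key) { this.key = key.clone(); }

    private String mac(String payload) throws Exception {
        Mac m = Mac.getInstance(ALG);
        m.init(new SecretKeySpec(key, ALG));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(m.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    /** Cookie value: userId|expiryEpochSeconds|mac, with the MAC covering both fields. */
    public String issue(String userId, long expiresAt) throws Exception {
        if (userId.indexOf('|') >= 0) throw new IllegalArgumentException("separator in userId");
        String payload = userId + "|" + expiresAt;
        return payload + "|" + mac(payload);
    }

    /** Returns the user id, or null if the value is malformed, altered or expired. */
    public String verify(String cookie, long now) throws Exception {
        int cut = cookie == null ? -1 : cookie.lastIndexOf('|');
        if (cut < 0) return null;
        String payload = cookie.substring(0, cut);
        byte[] given = cookie.substring(cut + 1).getBytes(StandardCharsets.UTF_8);
        byte[] expected = mac(payload).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, given)) return null; // constant-time compare
        String[] parts = payload.split("\\|");
        if (parts.length != 2) return null;
        return Long.parseLong(parts[1]) > now ? parts[0] : null; // expiry is enforced server-side
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key; a real key comes from server configuration.
        RememberMeToken t = new RememberMeToken("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        long now = System.currentTimeMillis() / 1000;
        String c = t.issue("alice", now + 12000);
        System.out.println(t.verify(c, now));                           // untouched cookie
        System.out.println(t.verify(c.replace("alice", "admin"), now)); // user id changed by the client
        System.out.println(t.verify(c, now + 20000));                   // presented after expiry
    }
}
```

Because the expiry is inside the signed payload, the server does not depend on the browser honouring the cookie's max-age.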