Play! framework: use session for authentication

So I use the Play! framework for website design.
I use a session to determine if a user is logged in:

session("connected", user.getId().toString()); 

Then I can easily determine who the user is whenever I need to.

I had two questions:

  • Is this the best practice?
  • Are there any vulnerabilities in my simple system, and how do I eliminate them?
1 answer

This is simple and safe, as the session-scope cookie is signed with a private key. If you don't need to store a large amount of data per session, this should be fine.

Take a look at existing solutions (e.g. zentasks sample).

Edit

Alternatively, you could consider using Play Authenticate. I added session handling as an example in my fork (branch 2.0.4_session) of samples/java/play-authenticate-usage; it's just 3 commits, so it's quite simple to merge with the existing play-authenticate-usage implementation.

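To make the "signed cookie" point in the answer concrete, here is an added example (not code from the question, the answer, or the Play project) that models the way Play 2.x serialised the session cookie as I understand it: a hex HMAC-SHA1 over a URL-encoded `k=v&k=v` payload, joined as `<signature>-<payload>`, with an unverifiable cookie treated as an empty session. The secret, the `tamper` helper and the `connected_user` lookup are constructed for this illustration; the exact Play wire format is an assumption here, but the security properties shown hold for any HMAC-signed cookie.

```python
import hmac
import hashlib
from urllib.parse import quote_plus, parse_qsl

# Hypothetical per-deployment secret; Play reads this from application.secret.
# Constructed for this example only: never ship a fixed secret.
APP_SECRET = b"demo-only-secret-rotate-me"


def sign(payload: str, secret: bytes = APP_SECRET) -> str:
    """Hex HMAC-SHA1 over the cookie payload (the MAC Play 2.x used)."""
    return hmac.new(secret, payload.encode("utf-8"), hashlib.sha1).hexdigest()


def encode_session(session: dict, secret: bytes = APP_SECRET) -> str:
    """Serialise a session map to a signed cookie value: <sig>-<k=v&k=v>.

    The payload is URL-encoded (space becomes '+', as with Java's URLEncoder),
    so '&' and '=' inside a value cannot break the key/value structure.
    """
    payload = "&".join(f"{quote_plus(k)}={quote_plus(v)}" for k, v in session.items())
    return f"{sign(payload, secret)}-{payload}"


def decode_session(cookie: str, secret: bytes = APP_SECRET) -> dict:
    """Return the session map if the signature verifies, else an empty session.

    Play discards a cookie it cannot verify rather than raising, which is what
    turns a forged cookie into an anonymous request instead of an error page.
    """
    sig, sep, payload = cookie.partition("-")  # hex digest never contains '-'
    if not sep:
        return {}
    # Constant-time comparison: a plain '==' could leak the MAC byte by byte.
    if not hmac.compare_digest(sig, sign(payload, secret)):
        return {}
    return dict(parse_qsl(payload, keep_blank_values=True))


def connected_user(cookie: str):
    """Mirror the question's lookup: which user id does this cookie claim?"""
    return decode_session(cookie).get("connected")


def tamper(cookie: str, old: str, new: str) -> str:
    """Simulate a client editing the readable payload without the secret."""
    sig, _, payload = cookie.partition("-")
    return f"{sig}-{payload.replace(old, new)}"


if __name__ == "__main__":
    cookie = encode_session({"connected": "42"})       # what session("connected", id) produces
    print("cookie:", cookie)                           # note: the user id is plainly readable
    print("server sees user:", connected_user(cookie))  # 42
    forged = tamper(cookie, "42", "1")                 # try to become user 1
    print("forged cookie accepted as:", connected_user(forged))  # None: MAC mismatch
```

The signature stops a client from forging or altering the `connected` value, which is what makes the answer's "simple and safe" hold. It does not hide the payload: the user id is readable by anyone holding the cookie, so nothing secret belongs in the session. It also says nothing about freshness: a stolen cookie stays valid until the application secret is rotated unless an expiry is stored and checked (Play's `session.maxAge` setting) or the server keeps its own revocation state, which is the kind of caveat worth adding when you move from the sample to production.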

Source: https://habr.com/ru/post/923485/
