How to configure two or more play.http.session config?


I am currently using session to manage user login.
I set a maxAge on the session so it stays even after user closes their browser window.
However, I would like to add an option for user to choose to forget their login once they close the browser window (think “remember me” unchecked).

I understand that we can configure session in application.conf as explained here, and I use this method to set maxAge on the session.

But how do I have two different configurations so that the maxAge config can be switched on and off?

I was hoping that I can programmatically configure the session but found no way to do it in the .withSession() call.

Btw, I am using Play Framework 2.8.8 with Scala 2.13.8.

Please advise.


You could leave the session maxAge alone and use a dedicated remember-me cookie.
Just like the session cookie, your remember-me cookie could use JWT as the value format and authenticate the JWT (see GitHub - auth0/java-jwt: Java implementation of JSON Web Token (JWT) for example) with a secret of its own (i.e., don’t reuse the Application Secret - 2.8.x).

Whether that’s secure enough for your use case, however, should be reviewed by a third party.