How to configure two or more play.http.session config?

busydad · March 4, 2022, 1:56pm

Hi,

I am currently using session to manage user login.
I set a maxAge on the session so it stays even after user closes their browser window.
However, I would like to add an option for user to choose to forget their login once they close the browser window (think “remember me” unchecked).

I understand that we can configure session in application.conf as explained here, and I use this method to set maxAge on the session.

But how do I have two different configurations so that the maxAge config can be switched on and off?

I was hoping that I can programmatically configure the session but found no way to do it in the .withSession() call.

Btw, I am using Play Framework 2.8.8 with Scala 2.13.8.

Please advise.

Thanks.

Squeng · March 5, 2022, 6:55pm

You could leave the session maxAge alone and use a dedicated remember-me cookie.
Just like the session cookie, your remember-me cookie could use JWT as the value format and authenticate the JWT (see GitHub - auth0/java-jwt: Java implementation of JSON Web Token (JWT) for example) with a secret of its own (i.e., don’t reuse the Application Secret - 2.8.x).

Whether that’s secure enough for your use case, however, should be reviewed by a third party.

Topic		Replies	Views
Remember me functionality Play Framework	0	367	October 22, 2020
Play Framework HTML SCALA VIEW Sessions Play Framework	2	364	March 15, 2021
Play 2.8 Session Issue Play Framework	2	1244	November 19, 2020
SESSION ISSUE on withSession method Play Framework	4	745	December 14, 2019
Session in Play Framework (scala) Play Framework	9	1518	December 6, 2018

How to configure two or more play.http.session config?

Related Topics