This is my understanding of how sessions work. Please correct me if I’m wrong.
In play, the session is a client cookie that is signed and encrypted by the application and secret key. When a request comes in play uses the applications secret key to decrypt the session cookie and de-serialize it so you can get the data out of it for your application.
Is it possible to use the same decryption method with the same secret key (of course I would have to write this myself) in another language and web framework (specifically Haskell and Spock)?
So in this scenario a play framework application and Spock would be running side by side and sharing the same secret key. But signins would be handled by the play framework app.