Reputation: 1114
On the Play framework website they say:
The session is a hash of key/values, signed but not encrypted. That means that as long as your secret is safe, it is not possible for a third-party to forge sessions.
Is it really safe?
Is it possible to store sessions in a database like MySQL or PostgreSQL?
In other words, do I need to do that?
And if yes, is there a best-practice guide one can get help from?
Upvotes: 0
Views: 609
Reputation: 3833
In Play, the session is a cookie on the client side. Values are not encrypted; this means that with a tool like Firebug you can see the content of the session on the client side. So you must not put sensitive data like an unencrypted password in your session.
Sessions are signed. This means that it is not possible to modify the cookie on the client side and send it to the server, because Play checks that the content is in sync with the signature.
As sessions are client objects, I don't understand why you want to store them in your database. The usual use case is to put the identifier of the user in the session and retrieve all other needed data from the database with this identifier.
Upvotes: 2
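To make the "signed but not encrypted" point concrete, here is an added stand-alone illustration of the scheme the answer describes. It is example code, not Play's own session implementation, and it does not reproduce Play's cookie format: a key/value map is serialized, an HMAC-SHA256 tag under a server-side secret is appended, and the server accepts the values only if the recomputed tag matches. The secret, the `user_id` value and the function names are all constructed for the example. Anyone holding the cookie can read the payload without the secret; nobody without the secret can change it and still pass verification.

```python
import base64
import hashlib
import hmac
import json

# Constructed example secret; a real application reads it from configuration
# and never ships it to the client.
SECRET = b"example-application-secret-do-not-reuse"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_session(values: dict, secret: bytes = SECRET) -> str:
    """Serialize the key/value map and append an HMAC-SHA256 tag over it.

    The payload is sent as-is (only base64-encoded), so it is readable by the
    client; the tag is what stops the client from altering it.
    """
    payload = json.dumps(values, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"


def read_session_unverified(cookie: str) -> dict:
    """What anyone holding the cookie can see: no secret is needed to read it."""
    payload_b64, _ = cookie.split(".", 1)
    return json.loads(_unb64(payload_b64))


def verify_session(cookie: str, secret: bytes = SECRET):
    """Server side: recompute the tag and return the values only if it matches.

    Returns None for a malformed cookie, a wrong secret, or a modified payload.
    """
    try:
        payload_b64, tag_b64 = cookie.split(".", 1)
        payload = _unb64(payload_b64)
        tag = _unb64(tag_b64)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    # Constant-time comparison so timing does not leak how many bytes matched.
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(payload)


def modified_payload(cookie: str, values: dict) -> str:
    """A cookie whose payload was changed but whose tag was left untouched,
    which is all a client without the secret can produce."""
    _, tag_b64 = cookie.split(".", 1)
    payload = json.dumps(values, sort_keys=True, separators=(",", ":")).encode()
    return f"{_b64(payload)}.{tag_b64}"


if __name__ == "__main__":
    # Store only an identifier, as the answer recommends; look the rest up server-side.
    cookie = sign_session({"user_id": "42"})
    print("cookie:", cookie)
    print("readable without secret:", read_session_unverified(cookie))
    print("accepted by server:", verify_session(cookie))
    print("after client modification:", verify_session(modified_payload(cookie, {"user_id": "1"})))
    print("with a different secret:", verify_session(cookie, b"other-secret"))
```

The two failure cases at the end are the ones the answer relies on: a changed payload and a cookie signed under a different secret are both rejected, which is why the secret must stay private and why the cookie should carry only an identifier rather than data you would mind the user reading.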