Global Cache forces to store with session info. Do we have any alternative?

Question

Play framework has cache (https://www.playframework.com/documentation/2.5.x/JavaCache) which is a global cache.

In our case, when the user logged in. We need to store a value to track for the particular session. Currently we are forced to form a key with session id so that the key will be unique in the Play cache.

This arises couple of questions.

1. What is the difference between having a static hashmap in a global class instead of having in Play cache?
2. Do we have any alternative instead of Play cache to store a variable which should be tied with a particular session ?

Currently we are storing in the global map which will be available for all logins.

It is vulnerable since the map exposes all the values for any user.

In Java Servlet application we use Thread Local and we cannot use the same in Play as it is a asynchronous framework.

Please let me know in detail.

Thanks.

Answer 1

As Thilo suggested you could use a Cookie.

Note that Play does have the concept of a Session - which is indeed a Cookie (since Play's architecture is such that it is fully stateless).

From the docs:-

As the Session is just a Cookie, it is also just an HTTP header, but Play provides a helper method to store a session value:

public Result login() {
    session("connected", "user@gmail.com");
    return ok("Welcome!");
}

The same way, you can remove any value from the incoming session:

public Result logout() {
    session().remove("connected");
    return ok("Bye");
}

If the data is sensitive then you need to think about protecting it ie. encrypt it.

If the data is large then you should think about cache.

Cache vs your own HashMap?

Well that is a bigger discussion. If your application grows and you scala out, how are you going to read/write/sync multiple HashMaps? Don't you want some eviction policies etc etc.