Skip to content
This plugin allows you to store the session data in cookie
Groovy Java
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

The cookie based session storage for Grails

This is the grails plugin that allows you to store the session data in a cookie like Rails or Play!.
It makes a grails application more stateless. So you could more easily scale the application on a clustered environment (including some cloud platforms like Heroku).


You can install the plugin by the grails install-plugin command.

grails install-plugin cookie-session


Replay attacks

You should be aware of the replay attacks when you use the cookie based session store.
Even if someone sniffs a user's cookie, and replay the cookie to your application, the application cannot detect this. (they may log in to your application or ...).

Session data size

All the session data will be stored in a cookie data. so the size must be up to 4kb.


The plugin can be configured in "Config.groovy".


name default description
grails.plugin.cookiesession.enabled Development Mode: false, The others: true If false, the plugin won't be loaded. gsession The cookie's name used for storing session data.
grails.plugin.cookiesession.timeout 30 Session timeout (minutes)
grails.plugin.cookiesession.hmac.secret - (Required) A secret key used for preventing a session cookie from being forged. It should be kept private and unique. gsesshmac The cookie's name used for storing a session HMAC.
grails.plugin.cookiesession.hmac.algorithm HmacSHA1 An algorithm used for an HMAC.



grails.plugin.cookiesession.enabled = true = "grails-session"
grails.plugin.cookiesession.timeout = 30 = "grails-session-hmac"
grails.plugin.cookiesession.hmac.algorithm = "HmacSHA1"
grails.plugin.cookiesession.hmac.secret = "Please enter your unique secret key!".bytes.encodeBase64(false).toString()
You can’t perform that action at this time.