Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] Scala secure session, is this a must? #85

Closed
vy8 opened this issue Jan 12, 2020 · 1 comment
Closed

[Question] Scala secure session, is this a must? #85

vy8 opened this issue Jan 12, 2020 · 1 comment

Comments

@vy8
Copy link

vy8 commented Jan 12, 2020

Hi! I have a couple of apps running in production with Play! and I use simple cookie based authentication where I just store the username in the session and check for it in Authenticated Actions.
Very similar to how this example does it: https://alvinalexander.com/scala/how-to-implement-user-authentication-play-framework-application

Then I've noticed the play-scala-secure-session-example and got a little scared.

Is the way I'm using auth viable for production or should I try to encrypt the session ASAP?
@wsargent
Copy link
Member

There's nothing wrong with storing information in the cookie as long as you know that it's public and can be read by the browser. If you have information that you don't want the user to have access to, then a secure session lets you keep client information on the browser without letting the user see what it is.

ignasi35 pushed a commit to ignasi35/play-samples that referenced this issue May 20, 2020
@octonato
Merge pull request playframework#85 from renatocaval/templatecontrol-…
bd364b8 
…2.6.x

Upgrade branch 2.6.x using TemplateControl
ignasi35 pushed a commit to ignasi35/play-samples that referenced this issue May 20, 2020
@octonato
Upgrade branch 2.6.x using TemplateControl (playframework#85)
94f023a 
```
Updated with template-control on 2019-02-01T10:40:33.120Z
  /.mergify.yml:
    wrote /.mergify.yml

```
ignasi35 pushed a commit to ignasi35/play-samples that referenced this issue May 20, 2020
@dwijnand
Merge remote-tracking branch 'play-java-ebean-example/2.6.x' into 2.6.x
ff17d4f 
* play-java-ebean-example/2.6.x: (52 commits)
  Nest play-java-ebean-example
  Updated with template-control on 2019-02-13T20:25:39.252Z (playframework#96)
  Upgrade branch 2.6.x using TemplateControl (playframework#94)
  Upgrade branch 2.6.x using TemplateControl (playframework#93)
  Upgrade branch 2.6.x using TemplateControl (playframework#92)
  Updated with template-control on 2019-01-08T14:44:41.376Z (playframework#89)
  Upgrade branch 2.6.x using TemplateControl (playframework#85)
  Upgrade branch 2.6.x using TemplateControl (playframework#83)
  Upgrade branch 2.6.x using TemplateControl (playframework#79)
  Updated with template-control on 2018-09-11T20:14:50.116Z (playframework#77)
  Updated with template-control on 2018-08-20T20:37:13.842Z (playframework#76)
  Updated with template-control on 2018-07-19T01:58:55.623Z (playframework#74)
  Updated with template-control on 2018-07-16T18:38:45.357Z (playframework#73)
  Upgrade branch 2.6.x using TemplateControl (playframework#72)
  Updated with template-control on 2018-05-27T23:54:09.409Z (playframework#71)
  Updated with template-control on 2018-04-06T19:34:58.195Z (playframework#68)
  Updated with template-control on 2018-03-02T18:56:28.219Z (playframework#67)
  Updated with template-control on 2018-01-11T21:32:27.151Z (playframework#64)
  Fix cross build to sbt 1.1.0 (playframework#63)
  Updated with template-control on 2018-01-09T20:17:10.839Z (playframework#62)
  ...
ignasi35 pushed a commit to ignasi35/play-samples that referenced this issue May 20, 2020
@dwijnand
Merge remote-tracking branch 'play-java-jpa-example/2.6.x' into 2.6.x
3d9fb36 
* play-java-jpa-example/2.6.x: (48 commits)
  Nest play-java-jpa-example
  Updated with template-control on 2019-02-13T20:25:39.298Z (playframework#87)
  Upgrade branch 2.6.x using TemplateControl (playframework#85)
  Upgrade branch 2.6.x using TemplateControl (playframework#84)
  Upgrade branch 2.6.x using TemplateControl (playframework#83)
  Updated with template-control on 2019-01-08T14:44:42.531Z (playframework#81)
  Updated with template-control on 2019-01-04T17:13:23.827Z (playframework#76)
  Upgrade branch 2.6.x using TemplateControl (playframework#71)
  Upgrade branch 2.6.x using TemplateControl (playframework#69)
  Updated with template-control on 2018-09-11T20:14:50.333Z (playframework#65)
  Updated with template-control on 2018-08-20T20:37:13.878Z (playframework#63)
  Updated with template-control on 2018-07-19T01:58:55.873Z (playframework#61)
  Updated with template-control on 2018-07-16T18:38:45.441Z (playframework#60)
  Upgrade branch 2.6.x using TemplateControl (playframework#59)
  Updated with template-control on 2018-05-27T23:54:09.603Z (playframework#58)
  Updated with template-control on 2018-04-06T19:34:58.092Z (playframework#55)
  Updated with template-control on 2018-03-02T18:56:28.087Z (playframework#54)
  Upgrade branch 2.6.x using TemplateControl (playframework#53)
  Fix cross build to sbt 1.1.0 (playframework#52)
  Upgrade branch 2.6.x using TemplateControl (playframework#51)
  ...
ignasi35 pushed a commit to ignasi35/play-samples that referenced this issue May 20, 2020
@dwijnand
Merge remote-tracking branch 'play-java-websocket-example/2.6.x' into…
3a42d9c 
… 2.6.x

* play-java-websocket-example/2.6.x: (83 commits)
  Nest play-java-websocket-example
  Updated with template-control on 2019-02-13T20:25:39.721Z (playframework#100)
  Upgrade branch 2.6.x using TemplateControl (playframework#96)
  Upgrade branch 2.6.x using TemplateControl (playframework#94)
  Upgrade branch 2.6.x using TemplateControl (playframework#93)
  Updated with template-control on 2019-01-08T14:44:42.192Z (playframework#90)
  Updated with template-control on 2019-01-04T17:13:23.935Z (playframework#85)
  Upgrade branch 2.6.x using TemplateControl (playframework#84)
  Upgrade branch 2.6.x using TemplateControl (playframework#81)
  Updated with template-control on 2018-09-11T20:14:50.523Z (playframework#79)
  Updated with template-control on 2018-08-20T20:37:13.896Z (playframework#78)
  Updated with template-control on 2018-07-19T01:58:55.842Z (playframework#76)
  Updated with template-control on 2018-07-16T18:38:45.656Z (playframework#75)
  Upgrade branch 2.6.x using TemplateControl (playframework#74)
  Updated with template-control on 2018-05-27T23:54:09.712Z (playframework#73)
  Updated with template-control on 2018-04-06T19:34:58.514Z (playframework#71)
  Updated with template-control on 2018-03-02T18:56:28.527Z (playframework#70)
  Upgrade branch 2.6.x using TemplateControl (playframework#69)
  Fix cross build to sbt 1.1.0 (playframework#68)
  Upgrade branch 2.6.x using TemplateControl (playframework#67)
  ...
ignasi35 pushed a commit to ignasi35/play-samples that referenced this issue May 20, 2020
@dwijnand
Merge remote-tracking branch 'play-scala-anorm-example/2.6.x' into 2.6.x
18b40b7 
* play-scala-anorm-example/2.6.x: (68 commits)
  Nest play-scala-anorm-example
  Updated with template-control on 2019-02-13T20:25:39.764Z (playframework#105)
  Upgrade branch 2.6.x using TemplateControl (playframework#102)
  Upgrade branch 2.6.x using TemplateControl (playframework#101)
  Upgrade branch 2.6.x using TemplateControl (playframework#100)
  Updated with template-control on 2019-01-08T14:44:41.925Z (playframework#98)
  Updated with template-control on 2019-01-04T17:13:23.631Z (playframework#95)
  Fix deprecated WithResult.fold method usage (playframework#94)
  Upgrade branch 2.6.x using TemplateControl (playframework#93)
  Upgrade branch 2.6.x using TemplateControl (playframework#90)
  Updated with template-control on 2018-09-11T20:14:50.057Z (playframework#89)
  Fix cross build to sbt 1.1.0 (playframework#76)
  Updated with template-control on 2018-07-19T01:58:55.836Z (playframework#87)
  Updated with template-control on 2018-07-16T18:38:45.458Z (playframework#86)
  Upgrade branch 2.6.x using TemplateControl (playframework#85)
  Updated with template-control on 2018-05-27T23:54:09.813Z (playframework#84)
  Updated with template-control on 2018-04-06T19:34:57.924Z (playframework#80)
  Update the README (playframework#82)
  Upgrade Anorm dependency and usage (playframework#81)
  link to playframework version of anorm (playframework#79)
  ...
ignasi35 pushed a commit to ignasi35/play-samples that referenced this issue May 20, 2020
@dwijnand
Merge remote-tracking branch 'play-scala-slick-example/2.6.x' into 2.6.x
0a2f46a 
* play-scala-slick-example/2.6.x: (55 commits)
  Nest play-scala-slick-example
  Updated with template-control on 2019-02-13T20:25:39.652Z (playframework#92)
  Upgrade branch 2.6.x using TemplateControl (playframework#90)
  Updated with template-control on 2019-01-17T15:10:58.253Z (playframework#89)
  Upgrade branch 2.6.x using TemplateControl (playframework#88)
  Updated with template-control on 2019-01-08T14:44:41.666Z (playframework#85)
  Updated with template-control on 2019-01-04T17:13:23.925Z (playframework#79)
  Upgrade branch 2.6.x using TemplateControl (playframework#78)
  Upgrade branch 2.6.x using TemplateControl (playframework#75)
  Updated with template-control on 2018-09-11T20:14:50.417Z (playframework#74)
  Updated with template-control on 2018-08-20T20:37:13.878Z (playframework#73)
  Updated with template-control on 2018-07-19T01:58:55.997Z (playframework#71)
  Updated with template-control on 2018-07-16T18:38:45.495Z (playframework#70)
  Upgrade branch 2.6.x using TemplateControl (playframework#68)
  Updated with template-control on 2018-05-27T23:54:09.171Z (playframework#67)
  Updated with template-control on 2018-04-06T19:34:57.974Z (playframework#65)
  Updated with template-control on 2018-03-02T18:56:28.233Z (playframework#64)
  Upgrade branch 2.6.x using TemplateControl (playframework#63)
  Fix cross build to sbt 1.1.0 (playframework#62)
  Upgrade branch 2.6.x using TemplateControl (playframework#61)
  ...
@ennru ennru removed the triage label Nov 24, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wsargent @ennru @vy8