Join GitHub today
Cannot modify PLAY_SESSION when calling with no cookie and CSRF token is added to session #3471
Using Play for Java version 2.2.3
I've created a small sample app here: https://github.com/Ronnie76er/play-csrf-issue.
What I'm trying to do is add another variable to the play session. It works fine when a cookie with a CSRF token is already established. However, if you call the endpoint with no cookie, you cannot modify the session any further.
I believe what is happening is that Http.Context.current() doesn't get you the current context that's going to be returned with the call, therefore your modifications to the session are useless.