Menu
I want to store an authentication token with Play Framework that outlives the current session, perhaps for days or even weeks - so that users don't have to login every time.
What is the recommended way to do this?
444
Play is rock-solid and used by hundreds of thousands of Java and Scala developers every month. Play is still extremely relevant to today's application and web development and has a passionate and very capable community around it ensuring that it has many good years left.
The default name for the cookie is PLAY_SESSION . This can be changed by configuring the key session. cookieName in application. conf.”
The activator command can be used to create a new Play application. Activator allows you to select a template that your new application should be based off. For vanilla Play projects, the names of these templates are play-scala for Scala based Play applications, and play-java for Java based Play applications.
Play comes with two configurable server backends, which handle the low level work of processing HTTP requests and responses to and from TCP/IP packets. Starting in 2.6. x, the default server backend is the Akka HTTP server backend, based on the Akka-HTTP server.
The response object has a method setCookie, which does exactly what you want
response.setCookie("playlonglivecookie", yourData, "14d");
Remember, that the data stored in the cookie is not encrypted, so if you want to encrypt it, then use the Crypto.sign method. Which signs your code using the play framework secret key.
http://www.playframework.org/documentation/api/1.1.1/play/mvc/Http.Response.html#setCookie(java.lang.String,%20java.lang.String)
128
I would also advise you to have a look at the secure module provided in play-1.x/modules/secure and the file Secure.java... it provides a checkbox "remember me" in the login form which allows keeping you logged for eternity.
and the code of this function (specially the response.setCookie at the end):
public static void authenticate(@Required String username, String password, boolean remember) throws Throwable {
// Check tokens
Boolean allowed = false;
try {
// This is the deprecated method name
allowed = (Boolean)Security.invoke("authentify", username, password);
} catch (UnsupportedOperationException e ) {
// This is the official method name
allowed = (Boolean)Security.invoke("authenticate", username, password);
}
if(validation.hasErrors() || !allowed) {
flash.keep("url");
flash.error("secure.error");
params.flash();
login();
}
// Mark user as connected
session.put("username", username);
// Remember if needed
if(remember) {
response.setCookie("rememberme", Crypto.sign(username) + "-" + username, "30d");
}
// Redirect to the original URL (or /)
redirectToOriginalURL();
}
Pascal
7
With play > 2.5 setCookie is deprecated.
you can use instead:
Http.Response.setCookie(Http.Cookie cookie)
You can create a new cookie with the builder:
Http.Cookie.builder("name", "value").withMaxAge(15).build();
15 days is the expiration date
Reference: https://www.playframework.com/documentation/2.5.x/api/java/play/mvc/Http.Response.html#setCookie-play.mvc.Http.Cookie-
Example: https://github.com/playframework/playframework/blob/master/framework/src/play/src/test/java/play/mvc/CookieBuilderTest.java
1
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
