
Play! framework: using session for authentication

I'm using the Play! framework for a website project.
I'm using the session to determine whether the user has logged in:

session("connected", user.getId().toString());

Then I can easily identify who the user is whenever I want.

I have two questions:

  1. Is this the best practice?
  2. Are there vulnerabilities in my simple login system, and how do I abolish them?

It's simple and secure, as the session scope's cookies are signed with a secret key. If there is no need to store a large amount of data for each session, it should be OK.

Take a look at existing solutions (i.e. the zentasks sample).

Edit:

On the other hand, you can consider using Play Authenticate. I've added session handling to the sample in my fork (branch 2.0.4_session) in samples/java/play-authenticate-usage; it's just 3 commits, so it's quite easy to merge it into the existing play-authenticate-usage implementation.
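
The property the answer relies on, a cookie signed with a server-side secret, shown as an added example that is not part of the original answer and is not Play's own code. The cookie layout (`<hex signature>-<data>`), the use of HMAC-SHA256 and the secret value are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Simplified model of a signed session cookie (illustrative, not Play's implementation).
public class SignedSessionDemo {
    // Constructed demo value standing in for the application's secret key.
    private static final byte[] SECRET =
            "constructed-demo-secret-change-me".getBytes(StandardCharsets.UTF_8);

    // HMAC over the session data, hex-encoded so it never contains '-'.
    static String hmacHex(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
        StringBuilder sb = new StringBuilder();
        for (byte b : mac.doFinal(data.getBytes(StandardCharsets.UTF_8))) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // What the server sends to the browser: signature, separator, plain data.
    static String sign(String data) throws Exception {
        return hmacHex(data) + "-" + data;
    }

    // Returns the session data if the signature matches, otherwise null.
    static String verify(String cookie) throws Exception {
        int dash = cookie.indexOf('-');
        if (dash < 0) return null;
        String sig = cookie.substring(0, dash);
        String data = cookie.substring(dash + 1);
        // Constant-time comparison so the check does not leak how many characters matched.
        boolean ok = MessageDigest.isEqual(
                sig.getBytes(StandardCharsets.UTF_8),
                hmacHex(data).getBytes(StandardCharsets.UTF_8));
        return ok ? data : null;
    }

    public static void main(String[] args) throws Exception {
        String cookie = sign("connected=42");
        System.out.println("cookie:   " + cookie);          // the data part is readable by the client
        System.out.println("verified: " + verify(cookie));  // untouched cookie is accepted

        // Editing the user id without the secret leaves the old signature, so it is rejected.
        String forged = cookie.replace("connected=42", "connected=1");
        System.out.println("forged:   " + verify(forged));
    }
}
```

Signing stops a client from changing the stored user id, but the value stays readable in the browser, so the session should hold only non-secret identifiers.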
