Replies: 1 comment
-
Can you be a bit more specific? By form-based I guess you mean sending username and password via a html form to the server?
Hmm.. In https://www.playframework.com/documentation/3.0.x/JavaSessionFlash we have
In https://www.playframework.com/documentation/3.0.x/SettingsSession
On that page you also see the default session config if you scroll down (which you can override in your
Not sure what do you mean with token in the context of what you write here. What I can say is that after authentication was successful, you probably want to store some kind of user key/session id or whatever key you use to know that a user is logged in and authenticated.
Again, I can not answer that clearly because I do not understand what you mean exactly. |
Beta Was this translation helpful? Give feedback.
-
At first glance, the article https://www.playframework.com/documentation/3.0.x/JavaSessionFlash allows to easily implement the form-based authentication, setting the necessary time of expiration for session and transferring the token to the server. However, I am embarrassed by the lack of notes about security, like it was in the forms example. Therefore, I had the idea that these sessions are not intended for storage of such sensitive data as auth tokens. As a result, is it suitable and safe tool for authorizing users?
Beta Was this translation helpful? Give feedback.
All reactions