Geek asks and answers

How to save SecureSocial users?

I have a Play 2.0.4 web application that uses SecureSocial so that users can log in through third-party providers like twitter, facebook and gmail. At this point, I am not using my own UsernamePasswordProvider; maybe I'll add this later.

I need my users to stay on the system for a long time, maybe a week. In my case, a user session is used only for various convenient functions, such as settings, so the risks associated with long-lived sessions are definitely less important than the convenience of not having to log in every time.

It looks like the session is currently stored in an ephemeral cookie, which disappears when the user quits the browser. There is a sessionTimeOut parameter in the configuration file, but the target seems to end the session in the browser, which remains open for a long time. At least the session is terminated immediately when I close and reopen the browser, even if this timeout is set to a large number.

What is the recommended way to keep users registered for a long time?

+5
source share
3 answers

The last shot from the wizard (for Play 2.1) has a new property that makes the authenticator cookie persistent if you need it. In your configuration file, you can add:

securesocial.cookie.makeTransient=false
securesocial.cookie.absoluteTimeoutInMinutes=1440
securesocial.cookie.idleTimeoutInMinutes=1440

cookie 24hs.

+3

2.2 cookie securesocial.conf, :

cookie {
    name=id
    path=/
    httpOnly=true
    idleTimeoutInMinutes=1440
    absoluteTimeoutInMinutes=1440
}
+2

configs are defined and used here: CookieAuthenticator

you can hover over a variable and see how configs are used.

two config: absoluteTimeout and idleTimeout are used for different purposes, this line controls when the cookie will be considered valid

so I suggest you use a much larger value for absoluteTimeoutInMinutes than another

+2
source

More articles:


All Articles