6
votes

So I'm using the Play! framework for a website project.
I'm using the session to determine whether the user has logged in:

session("connected", user.getId().toString());

then, I can identify who's the user when I want to easily.

I've got two questions:

  1. Is this the best practice?
  2. Are there vulnerabilities in my simple login system, and how do I abolish them?

1 Answer

5
votes

It's simple and secure, as the session scope's cookies are signed with a secret key. If there is no need to store a large amount of data for each session, it should be OK.

Take a look at existing solutions (i.e. the zentasks sample).

Edit:

On the other hand, you can consider using Play Authenticate. I've added session handling to the sample in my fork (branch 2.0.4_session) in samples/java/play-authenticate-usage; it's just 3 commits, so it's quite easy to merge into the existing play-authenticate-usage implementation.
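To make the "signed with a secret key" point concrete for the question above, here is an added example (not code from the question, the answer, or Play itself) that models how a signed session cookie protects the stored user id: the server keeps an HMAC over the URL-encoded session payload in the cookie, and a payload rewritten without the secret fails verification. The cookie layout (hex HMAC-SHA1, a dash, then the payload) follows the scheme Play 2 used, but the secret and session values are constructed for the example.

```python
import hmac
import hashlib
from typing import Optional
from urllib.parse import urlencode, parse_qsl

# Constructed secret for this example; a real deployment loads it from configuration.
SECRET = b"constructed-example-secret-not-for-production"


def sign(data: str, secret: bytes = SECRET) -> str:
    """Hex HMAC-SHA1 over the session payload (a model of Play 2's Crypto.sign)."""
    return hmac.new(secret, data.encode(), hashlib.sha1).hexdigest()


def encode_session(session: dict, secret: bytes = SECRET) -> str:
    """Build the cookie value: '<signature>-<urlencoded key=value pairs>'."""
    data = urlencode(session)
    return f"{sign(data, secret)}-{data}"


def decode_session(cookie: str, secret: bytes = SECRET) -> Optional[dict]:
    """Return the session dict only if the signature verifies; None means 'treat as logged out'."""
    # The hex signature never contains '-', so the first dash is the separator.
    sig, sep, data = cookie.partition("-")
    if not sep:
        return None
    # Constant-time comparison so verification does not leak via timing.
    if not hmac.compare_digest(sig, sign(data, secret)):
        return None
    return dict(parse_qsl(data))


def connected_user(cookie: str) -> Optional[str]:
    """Server-side equivalent of reading session("connected")."""
    session = decode_session(cookie)
    return session.get("connected") if session else None


def rewrite_without_secret(cookie: str, new_id: str) -> str:
    """Change the stored id while keeping the old signature, to show that verification rejects it."""
    sig, _, data = cookie.partition("-")
    session = dict(parse_qsl(data))
    session["connected"] = new_id
    return f"{sig}-{urlencode(session)}"


if __name__ == "__main__":
    cookie = encode_session({"connected": "42"})
    print(connected_user(cookie))                              # 42
    print(connected_user(rewrite_without_secret(cookie, "1")))  # None
```

The signature gives integrity, not confidentiality: the user id is readable by anyone holding the cookie, and because nothing is stored server-side, a valid cookie stays valid until it expires or the user logs out.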