How to start unsecured Play Server in Production mode

Question

I'm developing a web server using Play Framework v2.5. It will run in intranet and will use HTTP, not HTTPS.

When I start Play Server in Development Mode, it works.

But in Production Mode Play Server sets Secure flag to Session Cookie.

Since connection uses HTTP and not HTTPS browser doesn't send Session Cookie and users cannot login.

How can I disable this feature and avoid setting Secure to Cookies in Play Production Mode?

Continuing investigation: Here you can find default settings for play configuration: github.com/playframework/playframework/blob/master/templates/… — Oleg Rudenko
If you use play2-auth then you should implement override lazy val tokenAccessor in your AuthConfigImpl — Oleg Rudenko

Salem Salem · Accepted Answer · 2016-09-23T15:10:15

Try to set play.http.session.secure=false in your application.conf file, or in the command line:

$ yourapp/bin/yourapp -Dplay.http.session.secure=false