I was trying out play framework's session feature to make an authentication system. Adding data to the session stores them in cookie. I am using react and redux on client-side. When the user clicks on a login button, an AJAX call is sent by the client script. The server receives the request and checks the username and password and adds the user id to the session. The client script receives the response and then redirects to profile page. And because the AJAX response is not setting the cookie to the main site, the profile page redirection in turn gets redirected to the login page. I think the solution for this is server-side session. Is there any possibilities to implement server-side session in play framework using any modules?
2
votes
2 Answers
2
votes
You do not need to use server session, you need to return an authentication token in the response.
Here is a good article about your problem:
http://www.jamesward.com/2013/05/13/securing-single-page-apps-and-rest-services
And the example application:
1
votes
Authenticating via tokens as Andriy Kuba mentioned is probably the right way. Another way to do it would be JSON Web Tokens (JWT). Here's an article about it focusing on React.
https://medium.com/@rajaraodv/securing-react-redux-apps-with-jwt-tokens-fcfe81356ea0#.cd4hrm1a5
These are Scala JWT libraries:
