Upgraded to SecureSocial 2.0.12 and now sessions are not being persisted

1

6

I was using SecureSocial 2.0.7, and I’d implemented a UserServicePlugin, and users could log in. I could stop and restart the server (or recompile or whatever), and users would remain logged in.

Since upgrading to 2.0.12, the login session is not persistent across server restarts.

I’ve added debug logging to every method in UserServicePlugin. The user is being saved at login. However, when the server restarts, and I attempt to access a page as a previously-logged-in user, I just see in the logs:

[info] play - database [default] connected at jdbc:postgresql://localhost/xxxxxx
[info] application - [securesocial] loaded templates plugin: sec.SecureSocialViews
[info] play - Starting application default Akka system.
[info] application - [securesocial] loaded user service: class sec.LoginUserService
[info] application - [securesocial] loaded password hasher bcrypt
[info] application - [securesocial] loaded identity provider: userpass
[info] play - Application started (Dev)
[debug] application - [securesocial] calling deleteExpiredTokens()
[debug] application - deleteExpiredTokens
[debug] application - [securesocial] anonymous user trying to access : '/supplier/requests'

Any ideas? I wonder if for some reason the login cookie is getting nuked before it even gets as far as checking for an existing login session…

I’m using username/password authentication.

Mccowyn answered 18/5, 2013 at 14:24 Comment(2)
Could it be anything to do with SecureSocial storing things in the Play Cache? (I’m just using the default, in-memory Play Cache.) - Mccowyn
I'm finding this too on Play 2.1 and Master branch SecureSocial. I have a DB-backed user service and have configured ehcache to persist to disk. However, when restarting the server, all users are logged out. Frustrating. - Idzik
4

There was a change in the way user information is stored in the session. Instead of using the Play session cookie, the module now uses a separate one. This cookie has an authenticator id. The user information is now stored on the server side, in an AuthenticatorStore implementation. The default implementation uses the Play cache; that's why you need to authenticate again on recompilation. The data in the cache is being cleared.

If you want to keep users logged in after recompilation/restart you can:

  1. Create an implementation of AuthenticatorStore that persists things.
  2. Change the ehcache.xml file to persist in the filesystem (diskPersistent="true").

Hyoscyamus answered 23/5, 2013 at 23:35 Comment(2)
Did you copy the ehcache.xml file to your app/conf directory? - Hyoscyamus
Thanks! Just had a chance to get back to this, and have a wee look. Looks fairly straightforward to implement an AuthenticatorStore which persists to my database. V. annoying that it’s not documented anywhere though! - Mccowyn
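
The mechanism described in the answer above, as an added example that is not part of the original posts and is not SecureSocial's code: the cookie carries only an id, and whether the login survives a restart depends on where the server keeps the record behind that id. `Session`, `SessionStore`, `InMemoryStore`, `FileStore` and the sample id are hypothetical stand-ins; the library's real Authenticator and AuthenticatorStore signatures are not shown on this page and will differ.

```scala
import java.io.{File, PrintWriter}
import java.security.MessageDigest
// Hypothetical stand-ins, not SecureSocial's Authenticator/AuthenticatorStore.
case class Session(id: String, userId: String, expiresAt: Long)
trait SessionStore {
  def save(s: Session): Unit
  def find(id: String, now: Long): Option[Session]
  def delete(id: String): Unit
}
// Memory-only store: every record is lost when the process restarts.
class InMemoryStore extends SessionStore {
  private var sessions = Map.empty[String, Session]
  def save(s: Session): Unit = sessions += (s.id -> s)
  def find(id: String, now: Long): Option[Session] = sessions.get(id).filter(_.expiresAt > now)
  def delete(id: String): Unit = sessions -= id
}

// File-backed store; files are named by SHA-256 of the cookie id, not the id itself.
class FileStore(dir: File) extends SessionStore {
  dir.mkdirs()
  private def fileFor(id: String): File = {
    val hash = MessageDigest.getInstance("SHA-256").digest(id.getBytes("UTF-8"))
    new File(dir, hash.map("%02x".format(_)).mkString)
  }
  def save(s: Session): Unit = {
    val out = new PrintWriter(fileFor(s.id), "UTF-8")
    try { out.println(s.userId); out.println(s.expiresAt) } finally out.close()
  }
  def find(id: String, now: Long): Option[Session] = {
    val f = fileFor(id)
    if (!f.isFile) return None
    val src = scala.io.Source.fromFile(f, "UTF-8")
    val lines = try src.getLines().toList finally src.close()
    val s = Session(id, lines(0), lines(1).toLong)
    // A persisted session must still expire: drop stale records on lookup.
    if (s.expiresAt > now) Some(s) else { f.delete(); None }
  }
  def delete(id: String): Unit = fileFor(id).delete() // call on logout
}

object Demo extends App {
  val dir = new File(System.getProperty("java.io.tmpdir"), "authstore-demo")
  val (id, now) = ("constructed-cookie-id", System.currentTimeMillis())
  new InMemoryStore().save(Session(id, "alice", now + 60000))
  new FileStore(dir).save(Session(id, "alice", now + 60000))
  // "Restart": new store instances, same cookie id presented by the browser.
  println("in-memory after restart: " + new InMemoryStore().find(id, now))
  println("file-backed after restart: " + new FileStore(dir).find(id, now))
  println("file-backed after expiry: " + new FileStore(dir).find(id, now + 120000))
}
```

Once the store outlives the process, expiry and logout deletion have to be enforced by the store itself, because a restart no longer clears old sessions.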
