Access Cookie via Javascript

[Gambo]

Hi there,

I found a nice article about client side authentication with backbone.js(http://blog.opperator.com/post/15671431847/backbone-js-sessions-and-authentication).

Therefore I need to access a cookie which generated from server side.

This leads me to the question how do I access the play cookie where some user information is stored in? I am using the Securesocial framework which stores its information in cookies as well.

Is there any chance to do this or are there any alternatives?

Thanks for your help

[Gambo]

No one has any idea? These days this should be a common problem when needing user information on client side via JavaScript. It would be great if somebody could help me or at least give me a hint.

[Daryl]

By default, cookies should be available via Javascript. There is an option in application.conf to set session cookies as HttpOnly.

> application.session.httpOnly = true

If you are setting the cookie manually, there is a response method that allows you to control this, but the default is *not* HttpOnly:

> Http.Response.setCookie(String name, String value, String domain, String path, Integer maxAge, boolean secure, boolean httpOnly)

[Nilanjan]

I am not sure I understand the question. You can access cookies in Javascript like you do normally (document.cookie or something). If you are interested in the cookie Play is using for the session then you can look it up using the name "PLAY_SESSION" or  whatever value is set to session.cookieName configuration property.

Nilanjan

[Gambo]

Thanks for your answers - I could now access the cookie value. Sadly its a not separated string. Is there a chance to have the value pairs separated somehow so that I could split them easily in JS?

[Gambo]

thanks but i am using 1.2.5. I understand that in play you can only have one cookie in a session.

Am Freitag, 24. August 2012 18:20:15 UTC+2 schrieb Jean-Christophe Denis:

I think you'd better manage your own cookie : http://www.playframework.org/documentation/2.0.2/ScalaResults

Keep in mind that play session cookie content is signed using SHA to prevent client side modifications ... which would be a huge security issue otherwise ;-)

JC 

[Dominik Dorn]

then just take a look at 

play.mvc.Scope.Session in the file

framework/src/play/mvc/Scope.java

there you can see how the session cookie gets created/readed. if you leave the signing stuff out, 

you can easily use the session from javascript.

don't implement signing on the client side.. it would require you to expose your secret-key to the client

which would create a huge security hole in your app.

--
You received this message because you are subscribed to the Google Groups "play-framework" group.

To view this discussion on the web visit https://groups.google.com/d/msg/play-framework/-/2jYOKwWtl5EJ.

To post to this group, send email to play-fr...@googlegroups.com.
To unsubscribe from this group, send email to play-framewor...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/play-framework?hl=en.

--
Dominik Dorn
http://dominikdorn.com
http://twitter.com/domdorn

Skripten, Mitschriften, Lernunterlagen, etc. findest Du auf http://www.studyguru.eu !