Like all frameworks using cookie-based sessions, the linchpin to session security in Play Framework is the signing key for session cookies. There's discussion around setting it to something secure initially, but allowing seamless rotation would probably be a good idea too so the secret remains a moving target. For Koa, it's a core feature, and Heroku now have a plugin for performing automatic key rotation on a fortnightly basis. Both mechanisms work by accepting values produced by older keys after rotation to a new key so that users don't notice the switch.
To implement this in Play Framework I suggest altering play.api.libs.Crypto to allow either a list or a string for application.secret. In terms of operation, Crypto.sign and Crypto.encryptAES use the first value from the list of secret keys, but Crypto.extractSignedToken and Crypto.decryptAES check all secret keys. Best case performance would be similar, with obviously slower worst-case performance for tampered values.
Does this sound worthwhile? I've been playing around with the code, and other than processing ConfigException$WrongType it doesn't appear too difficult.
-- Tim
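The "sign with the first key, verify against every key" scheme proposed above, written out as an added Python example. This is not Play's Scala code and not part of the original thread; the key strings are constructed, the `hex-hmac-payload` token layout mirrors Play's signed-token shape, and the `rotate` helper with its `keep` cap is an assumption added here to bound the worst-case cost of checking many keys.

```python
import hashlib
import hmac

# Constructed sample key list: the current key is first, older keys follow.
SECRETS = ["new-secret-2024", "old-secret-2023"]


def sign(payload: str, keys: list[str]) -> str:
    """Sign with the current (first) key only, as Crypto.sign would."""
    if not keys:
        raise ValueError("at least one secret key is required")
    mac = hmac.new(keys[0].encode(), payload.encode(), hashlib.sha256).hexdigest()
    return f"{mac}-{payload}"


def extract_signed_token(token: str, keys: list[str]):
    """Verify against every configured key; return the payload or None.

    Splitting on the first '-' is safe because a hex digest contains no dash,
    so any dashes in the payload itself are preserved.
    """
    mac, sep, payload = token.partition("-")
    if not sep:
        return None
    for key in keys:
        expected = hmac.new(key.encode(), payload.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison so timing does not leak which key matched.
        if hmac.compare_digest(expected, mac):
            return payload
    # Tampered or unknown-key tokens fall through after trying every key:
    # this is the slower worst case mentioned in the post.
    return None


def rotate(keys: list[str], new_key: str, keep: int = 3) -> list[str]:
    """Promote new_key to current; retain at most `keep` keys for verification.

    The cap is an assumption of this example, not something Play defines:
    it bounds how many HMACs a forged token can force the server to compute
    and how long a retired key stays accepted.
    """
    return ([new_key] + keys)[:keep]


if __name__ == "__main__":
    token = sign("user=alice", ["old-secret-2023"])      # issued before rotation
    print(extract_signed_token(token, SECRETS))          # still accepted: user=alice
    print(extract_signed_token(token, ["new-secret-2024"]))  # old key dropped: None
```

After `rotate` the session cookies already in users' browsers keep verifying until the key that signed them ages out of the list, which is the seamless switch the post is after.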