The concrete example of the client side session in Play

56 views
Skip to first unread message

Tomita Kazuya

unread,
Jan 19, 2017, 12:15:42 AM1/19/17
to Play Framework

In play, the word "client-side session" seems to mean that all datas are stored in a cookie in the client during session. And PHP, which is known to use "server-side session" , I think it is possible to store all datas in the cookie. Probably the difference is whether the cookie is singed with a secret key or not, but I am not sure. In a normal session known as "server-side session", you can set a cookie which has a session ID and then the server should deal with the session ID and can find the related specified values. In this session, the client has only the session ID, which is just a long number. And specified datas are stored in the server-side, so I assume it is called "server-side session".

I know in Play this approach is also possible, which means the client has the session ID and the server has some specified datas normally in the cache. At the same time, Play enables pushing all datas into the client's cookie, signed with a secret key, and my question is under what types of implements should we use the "client-side session"? I don't imagine and an official document about Play's session doesn't mention so deeply.

What is the use case? When do you implement the client-side session? Any comment or answer should be highly appreciated.

Greg Methvin

unread,
Jan 19, 2017, 2:02:06 AM1/19/17
to play-framework
Hi Tomita,

Play's "session" abstraction stores values in a session cookie. So all the values will be sent in the HTTP request. Since the cookie is signed, we can make sure the client hasn't tampered with it. PHP's session actually stores the state locally on the server.

Typically Play's session is used to store a session ID, which is then used to look up the actual session information in a cache/database. This gives you more control and allows you to easily spread your state across servers. For example of how to do this see https://www.ibm.com/developerworks/library/wa-playful-web-dev-1-trs-bluemix/.

Also this stack overflow answer provides some more of the reasoning: http://stackoverflow.com/questions/32482221/difference-between-play-framework-session-and-php-session

Greg

--
You received this message because you are subscribed to the Google Groups "Play Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to play-framework+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/play-framework/c5a978b0-f87f-4af7-ab63-535d9c8b5dc1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
Greg Methvin
Tech Lead - Play Framework

Tomita Kazuya

unread,
Jan 19, 2017, 4:27:27 AM1/19/17
to Play Framework
Thank you for your reply, but I am not familiar with Scala, so after learning a little bit of Scala, then I checked how to implement the "server-side session".   However, roughly I have checked and I noticed normally developers use the server-side session and we just have approach to use the "client-side session" and indeed it is not so benetifical for many applications. Am I right?

2017年1月19日木曜日 14時15分42秒 UTC+9 Tomita Kazuya:
Reply all
Reply to author
Forward
0 new messages