play scala secure session example

[henrym...@gmail.com]

The secure session example at https://github.com/playframework/play-scala-secure-session-example uses Akka's distributed data for as a Cache.

It appears to use TCP based on the configuration file:
https://github.com/playframework/play-scala-secure-session-example/blob/2.6.x/conf/application.conf#L41

Is there any way to enable SSL and block connections external to the cluster?

Alternatively, what are others using for secure session caching between otherwise stateless play applications?

Thank you,
Henry

[Will Sargent]

It’s using Artery, which is UDP.  Java doesn’t have a good DTLS implementation yet.  You can tunnel over IPSEC, I think.

In production you would use a key value store like Redis for session data, or just use a database.

--
You received this message because you are subscribed to the Google Groups "Play Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to play-framewor...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/play-framework/72cfeaef-3934-4a43-996d-9246c1dd9720%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Will Sargent]

Btw it looks like the pull request to upgrade it to 2.6.5 is still open

[henrym...@gmail.com]

Thank you. I'll look for an alternative. Redis does not support encryption and so it would require an SSL proxy. I am trying to limit the number deployment dependencies.

I know EHCache can be backed by a database, but I need to understand how cache invalidation works when the user is logged out and the session is destroyed. I would think there is also some sort of socket involved for cache invalidation notifications.