Upgraded to SecureSocial 2.0.12 and now sessions are not being persisted

StackOverflow https://stackoverflow.com/questions/16625340

  •  29-05-2022
  •  | 
  •  

Question

I was using SecureSocial 2.0.7, and I’d implemented a UserServicePlugin, and users could log in. I could stop and restart the server (or recompile or whatever), and users would remain logged in.

Since upgrading to 2.0.12, the login session is not persistent across server restarts.

I’ve added debug logging to every method in UserServicePlugin. The user is being saved at login. However, when the server restarts, and I attempt to access a page as a previously-logged-in user, I just see in the logs:

[info] play - database [default] connected at jdbc:postgresql://localhost/xxxxxx
[info] application - [securesocial] loaded templates plugin: sec.SecureSocialViews
[info] play - Starting application default Akka system.
[info] application - [securesocial] loaded user service: class sec.LoginUserService
[info] application - [securesocial] loaded password hasher bcrypt
[info] application - [securesocial] loaded identity provider: userpass
[info] play - Application started (Dev)
[debug] application - [securesocial] calling deleteExpiredTokens()
[debug] application - deleteExpiredTokens
[debug] application - [securesocial] anonymous user trying to access : '/supplier/requests'

Any ideas? I wonder if for some reason the login cookie is getting nuked before it even gets as far as checking for an existing login session…

I’m using username/password authentication.

Was it helpful?

Solution

There was a change in the way user information is stored in the session. Instead of using the Play session cookie the module now uses a separate one. This cookie has an authenticator id. The user information is stored in an AuthenticatorStore implementation on the server side now. The default implementation uses the Play cache, that's why you need to authenticate again on recompilation. The data in the cache is being cleared.

If you want to keep users logged in after recompilation/restart you can:

  1. Create an implementation of AuthenticatorStore that persists things.
  2. Change the ehcache.xml file to persist in the filesystem (diskPersistent="true").
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top