Question

Background: My company has a REST-api developed in Play Framework 2.2 and we use Play's built-in authentication using signed cookies as security. Our application is split up into multiple instances of Play all sharing the same application.secret. This enables us to read the session cookie on all instances of Play very easily.

Problem: Right now we're in the process of migrating some parts of the REST-api to Node.js and would like to use the same session cookie there (with same application.secret) to detect if a user is logged in or not. I've searched the internet and I haven't found anything on the topic.

Question: So, is it possible to do it? Is it considered secure enough or do I need to migrate to another method of authentication?


Solution

The cookie is encoded in CookieBaker:

https://github.com/playframework/playframework/blob/master/framework/src/play/src/main/scala/play/api/mvc/Http.scala#L430

with an HMAC-SHA1 signature using Crypto.sign:

https://github.com/playframework/playframework/blob/master/framework/src/play/src/main/scala/play/api/libs/Crypto.scala#L98

You have the application secret and presumably Node.js has the same signature algorithm, so you should be good to go.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow