Play Framework 1.2.4: Session Doesnt Change

Question

I am working on a Play Framework project and I am using SecureSocial plugin for user actions.

My problem is, according to Play Framework document, the session should have been closed and reset when I closed the browser tab and opened a new tab.

But when I close and reopen the tab, I see that the session id is still the same and user logs in directly without reopening the login page (because user info is still available on play session)

Here's the output from before and after I open a session:

Before

session = {sid=86, ___ID=80519f26-ccf9-4e6f-9f9a-0f2a3bbc7b20, securesocial.network=userpass, ___AT=4241355a05e419dabc6e16612275b3d932133707, securesocial.user=test}

And then I close and reopen the browser tab after a few seconds...

After

session = {___ID=80519f26-ccf9-4e6f-9f9a-0f2a3bbc7b20, sid=86, securesocial.network=userpass, ___AT=4241355a05e419dabc6e16612275b3d932133707, securesocial.user=test}

everything is the same. Sometimes it changes randomly.

By the way, I don't have any session settings in application.conf or anywhere else; everything is still in its default setting.

Answer 1

I've realized that this is a new "feature" on modern browsers. Unless you fully close all tabs and the browser itself entirely (in osx, right click and close), the browser wont close the session, so the user doesnt nee dto relog until they completely close the browser..

So in short, your session will not expire with just closing the "tab", but you have to close the "browser" entirely.

Answer 2

SocialSecure uses cookies - it checks if the user has been authenticated against a certain provider before. Deleting the cookies should allow you to test the functionality from the beginning.

Inside SecureSocial.java (in controllers.securesocial) - you should be able to check where inside checkAccess, getUserId is called (where it checks the cookie values for the user and provider).

Hope it helps