I have a user login feature in my application. I used Scala Play Framework as the controller. I create sessions using withSession('userId'->userIDValue) for different users. My application has a feature where there is one super user, and the super user can delete a user. Now what happens is that if the super user deletes a user while that user is logged in, that user's session keeps running until the browser's cookie expires. Play Framework is stateless; is there any way to solve this problem?
This might be of help (I hope): stackoverflow.com/a/20773809/497398 – mfirry, Apr 13, 2015 at 14:18
possible duplicate of Play framework handling session state – johanandren, Apr 14, 2015 at 11:51
Is it okay to remove the deleted user session on the next request? – Bla..., Apr 17, 2015 at 6:26
1 Answer
On incoming requests, I think you need to verify that a user is still active on the Play side, and not just trust the session.
If that's an expensive operation, e.g., you have to make a database call to verify if a user is still active, then maybe you can use the Play Cache API. If you only have one Play server instance, then it should be pretty easy -- you can just set something in the cache when the super user deletes a user, and have the cache item expiration be longer than your cookie expiration. If you have multiple Play server instances, then it's trickier. :)
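
The single-instance approach described in the answer, as an added example that is not part of the original answer or of Play itself. It assumes Play 2.6 or later with the injected `SyncCacheApi`; `RevokedUsers`, `ActiveUserAction`, the cache key prefix and the 30-day cookie lifetime are hypothetical.

```scala
import javax.inject.{Inject, Singleton}
import scala.concurrent.{ExecutionContext, Future}
import scala.concurrent.duration._
import play.api.cache.SyncCacheApi
import play.api.mvc._

// Hypothetical helper: records deleted user ids in the Play cache.
@Singleton
class RevokedUsers @Inject()(cache: SyncCacheApi) {
  // Assumption: session cookies live at most 30 days (play.http.session.maxAge).
  // The marker must outlive every cookie issued before the deletion.
  private val markerTtl: FiniteDuration = 31.days
  private def key(userId: String) = s"revoked-user:$userId"

  // Call from the super user's delete handler, after the user is removed.
  def revoke(userId: String): Unit = cache.set(key(userId), "deleted", markerTtl)
  def isRevoked(userId: String): Boolean = cache.get[String](key(userId)).isDefined
}

// Hypothetical action builder: use instead of Action on authenticated routes.
class ActiveUserAction @Inject()(parser: BodyParsers.Default, revoked: RevokedUsers)
                                (implicit ec: ExecutionContext)
    extends ActionBuilderImpl(parser) {

  override def invokeBlock[A](request: Request[A],
                              block: Request[A] => Future[Result]): Future[Result] =
    request.session.get("userId") match {
      // Signed cookie is present and the user has not been deleted.
      case Some(id) if !revoked.isRevoked(id) => block(request)
      // Missing or revoked: reject and send back an empty session cookie.
      case _ => Future.successful(Results.Unauthorized("Not logged in").withNewSession)
    }
}
```

With Play's default in-memory cache the marker is visible only to the instance that wrote it and is lost on restart or eviction, so a database check on cache miss or a shared cache is needed for the multi-instance case the answer mentions.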