Bear Bibeault wrote:What's your beef with the cookie-based sessions? The cookies are encrypted.
Bear Bibeault wrote:Ah. Perhaps you are over-using the session?
Ulf Dittmer wrote:String-only sessions seem odd indeed. Using cookies for session storage even more so. Maybe Play lets you access the HttpServletRequest object, from where you could get the HttpSession?
An alternative you could implement would be to store the data in a DB, and just put the main key into the session.
Joe Harry wrote:May be or may not be. Would you consider putting a shopping cart information in the session? Is that a case of over-using the session? My situation is similar to that!
The Play framework suggests to use a Cache (provided in the Play API) as an alternate to using session, but at the same time, they also claim that there is no guarantee for the data to remain in the cache even though we set a time limit for that object to live in the Cache. I'm now afraid to use it.
Steve Luke wrote:
What I think you should do is store the shopping cart information in the DB. Store an Object with the data in it in the Cache, and store a key to finding the Object in the session (the key for the shopping cart could be the user's ID if it is unique and you only allow one cart per user). The cookie gives you the key to finding the data you need, and if it isn't in the cache you load it from the DB. Also store the key in the user's database entry so if the user's session times out or he logs out or something else happens, when he comes back he still has access to his shopping cart.
Ulf Dittmer wrote:Sounds good! Please let us know which workarounds you had to put in place, and which difficulties you had to overcome. I'm sure a lot of people here would like to hear about that.