Integrating Play Micro Services With Shared Sessions Through Javascript

This post is about how to integrate sessions in Play Framework servers through javascript. Where you have two different servers (micro services) and you want to share the session between them.

Because the session in play is just stored in a secured cookie the servers dont need to communicate, they just need the same encryption key application.secret usually in application.conf. This is used to sign the session cookie so if its changed the server rejects it.

To access routes on a different domain you will need to enable CORS on the server (cors cross origin resource sharing), see the html5rocks tutorial and play with cors this play cors filter implementation.

To let the javascript access the PLAY_SESSION cookie you need to set session.httpOnly=false in play's application.conf.

In the javascript when making the http request to the cross origin server you need to copy the PLAY_SESSION cookie. In Angular.js you can do that like this.


$http.get('http://different.origin.host/resource/', {
  headers: {
    'Cookie': 'PLAY_SESSION="'+$cookies.PLAY_SESSION+'"'
  },
  'withCredentials': true
})