
Session

MTDdk edited this page Oct 27, 2017 · 1 revision

Session handling can be achieved on the server side or client side.

Currently, jawn has a client side implementation that stores the entire session in cookies in the client browser.

Security

A hash-based message authentication code (HMAC) is used to validate that the session cookie has not been tampered with.

If the HMAC does not match the data read from the cookie, the data is rejected and cannot be fetched from the application.

These session values stored in cookies are not encrypted by default; they are stored in clear text. The data can, however, be saved encrypted on the client browser by adding the following to jawn.properties:

security.cookie.encryption=true
security.secret=<encryption key>

The security.secret is set as a part of the overall security concept for jawn. See Security
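The following is an added illustration of the two points above (HMAC protects integrity; an unencrypted payload is still readable by whoever holds the cookie). It is example code written for this page, not jawn's own implementation: the cookie layout (`base64url(json).hexdigest`), the function names and the `DEMO_SECRET` value are assumptions made for the demo. In a real deployment the key would come from `security.secret`, and `security.cookie.encryption=true` would additionally hide the payload, which this stdlib-only example does not do.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key. A real deployment reads the key from
# security.secret in jawn.properties; never hard-code it like this.
DEMO_SECRET = b"demo-secret-do-not-use"


def _b64(raw: bytes) -> str:
    """base64url without padding, so the cookie stays URL/header safe."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def sign_session(session: dict, secret: bytes) -> str:
    """Serialise the session and append an HMAC-SHA256 tag.

    The payload is NOT encrypted: anyone holding the cookie can decode it
    (see peek_session). The tag only guarantees it has not been altered.
    """
    payload = _b64(json.dumps(session, sort_keys=True).encode("utf-8"))
    tag = hmac.new(secret, payload.encode("ascii"), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def verify_session(cookie: str, secret: bytes):
    """Return the session dict if the tag matches, otherwise None."""
    try:
        payload, tag = cookie.rsplit(".", 1)
    except ValueError:
        return None  # malformed cookie: no tag present
    expected = hmac.new(secret, payload.encode("ascii"), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak timing information.
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(_unb64(payload))


def peek_session(cookie: str) -> dict:
    """Decode the payload with no key at all: this is why clear-text
    session cookies must never carry secrets unless encryption is enabled."""
    payload = cookie.rsplit(".", 1)[0]
    return json.loads(_unb64(payload))


def modify_payload(cookie: str, changes: dict) -> str:
    """Build the cookie the server would receive if the client edited the
    payload but kept the old tag; used to show that verification rejects it."""
    payload, tag = cookie.rsplit(".", 1)
    session = json.loads(_unb64(payload))
    session.update(changes)
    return f"{_b64(json.dumps(session, sort_keys=True).encode('utf-8'))}.{tag}"


if __name__ == "__main__":
    cookie = sign_session({"user": "alice", "role": "user"}, DEMO_SECRET)
    print("valid    ->", verify_session(cookie, DEMO_SECRET))
    print("readable ->", peek_session(cookie))  # no key needed
    altered = modify_payload(cookie, {"role": "admin"})
    print("altered  ->", verify_session(altered, DEMO_SECRET))  # None
    print("wrong key->", verify_session(cookie, b"other-key"))  # None
```

Running the script shows the three behaviours the text describes: a cookie produced with the configured key verifies, an altered payload (or a cookie signed with a different key) is rejected outright, and the payload of an unencrypted cookie is readable without the key, which is the case `security.cookie.encryption=true` is meant to close.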
