
I am using "SecureSocial" for authentication in my project. I have an issue which has been half answered on Stack Overflow. Whenever I refresh my project (because of a file change, etc.), I have to re-login. Below are the related questions:

  1. Getting logged out of securesocial on compile and on clustered servers

  2. securesocial fake log in when developing

On both questions, this behaviour is blamed on the SampleUserService, which is memory-based. I can understand that. In my case, I have implemented my own UserService, which persists user login information to a database (I know it because on refreshing the project I don't have to re-register and only have to log in). This is pretty annoying and time-consuming while developing. To overcome this, someone provided an answer for the second question as follows:

"SecureSocial by default uses the default Play cache for storing authenticators (that match the cookies to the logged in user). The default play cache is EHCache and it's configured using the ehcache.xml that you can find in the jars. The default configuration is strictly in memory which means that when the app restarts, it loses all the values. Fortunately, it's pretty easy to overwrite the EHCache configuration to write to the disk."

Having said the above, I have the following questions:

  1. Suppose that I leave the EHCache settings as they are, which means that on any app refresh, a new login is required. Now, suppose that you have 500,000 users (active and logged in) on 10 different machines and you want to do a rollout. Does this mean that all my 500,000 will have to log in again? I don't think this is the reality, because we would have been logged out several times per week or month from Facebook, LinkedIn, etc. Can someone explain?

  2. Suppose that I do what is mentioned above (changing the default settings for EHCache), which means persisting the cache. Is this a right/good way to go in production? Is it just a workaround for the problem mentioned during development that should not go to production? If it should not go to production, then is it right that all of my 500,000 will have to log in again?

If I am missing something, please tell me. Maybe my questions arise from my lack of knowledge about the SecureSocial plugin. Thanks

Community
Hossein
  • By rollout you mean deploy new version? Why would you lose the cache during redeploy? – František Hartman Mar 05 '14 at 10:29
  • If you make the cache persistent or you deploy node by node then the information about users will stay in the cache and as long as it can be deserialized again (this could not be possible e.g. between versions of secure social plugin) your users will stay logged in. – František Hartman Mar 05 '14 at 13:07
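
The EHCache override described in the quoted answer, as an added example that is not part of the original question or of SecureSocial itself. It uses Ehcache 2.x syntax and assumes the Play cache plugin loads `conf/ehcache.xml` from the classpath in place of its bundled in-memory default; the sizes and timeouts are constructed values.

```xml
<!-- conf/ehcache.xml (added example, assumed location) -->
<ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="http://ehcache.org/ehcache.xsd"
         updateCheck="false">

    <!-- Directory for the on-disk store. The files hold live session
         authenticators, so in production point this at a dedicated
         directory readable only by the application user instead of the
         shared temp directory used here. -->
    <diskStore path="java.io.tmpdir/securesocial-cache"/>

    <!-- In-memory default, for comparison: entries vanish on restart.
    <defaultCache maxElementsInMemory="10000"
                  eternal="false"
                  overflowToDisk="false"
                  diskPersistent="false"/>
    -->

    <!-- Persistent variant: entries overflow to the disk store and are
         kept across restarts. Timeouts below are constructed sample
         values, not SecureSocial defaults. -->
    <defaultCache
        maxElementsInMemory="10000"
        eternal="false"
        timeToIdleSeconds="3600"
        timeToLiveSeconds="43200"
        overflowToDisk="true"
        diskPersistent="true"
        maxElementsOnDisk="10000000"
        diskExpiryThreadIntervalSeconds="120"
        memoryStoreEvictionPolicy="LRU"/>
</ehcache>
```

A disk store is local to each machine, so on several nodes it keeps sessions across a restart of the same node only, and a request routed to a different node will not find the authenticator there.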

0 Answers