This is a Grails plugin that lets you store session data in a cookie, as Rails and Play! do.
It makes a Grails application more stateless, so you can scale it more easily in a clustered environment (including cloud platforms such as Heroku).
You can install the plugin with the grails install-plugin command.

```
grails install-plugin cookie-session
```
You should be aware of replay attacks when you use a cookie-based session store.
If someone sniffs a user's cookie and replays it to your application, the application cannot detect this (they may log in to your application or ...).
All the session data is stored in the cookie, so its size must be at most 4 KB.
The plugin can be configured in "Config.groovy".
name | default | description |
---|---|---|
grails.plugin.cookiesession.enabled | Development Mode: false, The others: true | If false, the plugin won't be loaded. |
grails.plugin.cookiesession.id | gsession | The cookie's name used for storing session data. |
grails.plugin.cookiesession.timeout | 30 | Session timeout (minutes) |
grails.plugin.cookiesession.hmac.secret | - (Required) | A secret key used for preventing a session cookie from being forged. It should be kept private and unique. |
grails.plugin.cookiesession.hmac.id | gsesshmac | The cookie's name used for storing a session HMAC. |
grails.plugin.cookiesession.hmac.algorithm | HmacSHA1 | An algorithm used for an HMAC. |
Config.groovy

```groovy
grails.plugin.cookiesession.enabled = true
grails.plugin.cookiesession.id = "grails-session"
grails.plugin.cookiesession.timeout = 30
grails.plugin.cookiesession.hmac.id = "grails-session-hmac"
grails.plugin.cookiesession.hmac.algorithm = "HmacSHA1"
grails.plugin.cookiesession.hmac.secret = "Please enter your unique secret key!".bytes.encodeBase64(false).toString()
```
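The following Groovy script is an added example, not the plugin's own code. It shows what the HMAC and timeout settings above do and do not cover, assuming a hypothetical `key=value;` session payload with an `iat` (issued-at) field and hypothetical `sign`, `verify` and `isFresh` helpers.

```groovy
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec
import java.security.MessageDigest
import java.security.SecureRandom

// Added illustration, not the plugin's source; payload layout and helpers are hypothetical.
final String ALGORITHM = 'HmacSHA1'      // default from the configuration table
final int TIMEOUT_MINUTES = 30           // default session timeout

// Constructed secret: 32 random bytes, Base64-encoded like the Config.groovy value.
byte[] raw = new byte[32]
new SecureRandom().nextBytes(raw)
String secret = raw.encodeBase64().toString()

// HMAC over the serialized session data, keyed with the decoded secret.
def sign = { String data ->
    Mac mac = Mac.getInstance(ALGORITHM)
    mac.init(new SecretKeySpec(secret.decodeBase64(), ALGORITHM))
    mac.doFinal(data.getBytes('UTF-8')).encodeBase64().toString()
}

// Constant-time comparison of the recomputed HMAC with the one presented.
def verify = { String data, String presented ->
    MessageDigest.isEqual(sign(data).getBytes('UTF-8'), presented.getBytes('UTF-8'))
}

// Expiry check on the signed issued-at field (hypothetical "iat=<millis>").
def isFresh = { String data, long now ->
    String field = data.split(';').find { it.startsWith('iat=') }
    field != null && now - (field.substring(4) as long) <= TIMEOUT_MINUTES * 60000L
}

long issuedAt = System.currentTimeMillis()
String sessionCookie = "user=alice;role=user;iat=${issuedAt}"   // constructed sample
String hmacCookie = sign(sessionCookie)

// Forgery: an edited payload no longer matches the HMAC.
assert !verify(sessionCookie.replace('role=user', 'role=admin'), hmacCookie)

// Replay: the unmodified captured pair still verifies within the timeout...
assert verify(sessionCookie, hmacCookie) && isFresh(sessionCookie, issuedAt + 60000L)

// ...and is rejected once the signed timestamp is older than the timeout.
assert !isFresh(sessionCookie, issuedAt + 31 * 60000L)
```

The HMAC only proves the cookie was issued by a holder of the secret; a signed expiry bounds how long a captured cookie stays usable but does not prevent replay inside that window.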