Hello, I started recently working on a small side-project containing akka-http directives to handle client-side sessions, csrf protection and remember-me. The motivation is to fill in the missing piece necessary to use akka-http as a backend for SPA webapp.
I'd like things to be quite secure, hence: * the sessions are signed, optionally encrypted and with an optional expiry date * csrf uses headers as the preferred method of submitting the token (in addition to a cookie) * remember-me hashes tokens, uses selectors in addition to tokens Sessions are typed, so it's quite easy to store a simple case class (client-side). Here's the github repo: https://github.com/softwaremill/akka-http-session which also contains a very-very simply example app: https://github.com/softwaremill/akka-http-session/blob/master/example/src/main/scala/com/softwaremill/example/Example.scala The project is just over a week old, so code reviews / comments / etc. more than welcome :) Adam -- >>>>>>>>>> Read the docs: http://akka.io/docs/ >>>>>>>>>> Check the FAQ: >>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user --- You received this message because you are subscribed to the Google Groups "Akka User List" group. To unsubscribe from this group and stop receiving emails from it, send an email to akka-user+unsubscr...@googlegroups.com. To post to this group, send email to akka-user@googlegroups.com. Visit this group at http://groups.google.com/group/akka-user. For more options, visit https://groups.google.com/d/optout.