Web & mobile session management using akka-http
Almost all web & mobile applications need some kind of session support: after logging in, state should be maintained that allows the server to identify the user during subsequent requests in a secure way, so that the data cannot be tampered with. akka-http is a great toolkit for building reactive mobile/web backends, using an elegant DSL; akka-http-session builds on top of that to provide secure session management.
We'll discuss how session storage can be implemented, what the security challenges are (with an emphasis on cookies) and what kind of solutions akka-http-session provides. We'll also give a quick introduction to JWT (JSON Web Tokens), one of the supported formats for encoding session data.
Finally, no presentation can be complete without a live demo showing what using akka-http-session looks like in practice.