May 7th, 2015

device

Non-Transient Sessions in Play

A brief Nota Bene for users of Play Framework, mostly in case anyone else hits this silly problem and winds up in the same boat I've been in.

Querki has, until now, been entirely based on transient session cookies -- your session expires when you close the browser. That works okay on the desktop, since many of us *never* close our browsers, but turns out to suck on mobile: both Mobile Chrome and Mobile Safari seem to lose their transient cookies kind of at whim. (There's probably a definition of when somewhere, but I haven't found it yet.) Problem is, the Play Framework that Querki is built on has no documented way to set up a *non*-transient session. This has had me tearing my hair out for a year now.

Turns out that the answer, as usual, is to look at the source code. (Yay for open source.) It turns out that there is an as-far-as-I-can-tell-undocumented "session.maxAge" configuration variable, which sets the max-age setting on the session cookies, which is exactly what you want in the real world. There are also config variables for the other major aspects of the session cookie.

So as far as I can tell, to manage your session cookies, you want to use this config structure:
session {
  maxAge : nnnn  # Number of milliseconds for a session to live; if not specified, session is transient
  secure : true/false  # Whether to require HTTPS for a valid session cookie, default false
  httpOnly : true  # Whether to prevent JavaScript from accessing the session cookie, default true
  domain : xxxx  # The domain to use for the session cookie?  Not sure
}
I'll be trying this out on Querki later today; hopefully it'll fix the problem.
device

New toy

Oh, and the inspiration for the previous post: I just got a new phone, while only has Chrome by default. It appears that the long-deprecated Android Browser has ceased to be distributed somewhere along the line. So Querki is about to start driving me crazy unless I fix this mobile-cookie problem.

The new phone is a Nexus 6, the biggest Hunk o' Glass that currently gets called a "phone". (Roughly the same size as the iPhone 6+, I believe.) It's kind of ridiculous, but beautiful, and I'm happy to see that, while the screen is enormous, it's actually a tad thinner than my old Galaxy Nexus (effectively the Nexus 3), and not noticeably heavier. I bought it mostly to get Android 5 (Lollipop), which has lots of splufty new features. More opinions forthcoming as I use it...