TLDR; This package contains a plugin to act as a cookie based session mechanism for a Javalin app.

The cookie is JWT based and requires a configured secret as part of the plugin setup.

The data which is stored in the cookie can be set as request attributes. Those can be filtered on specified criteria, so that not all attributes will be stored in the cookie.

Note that cookie based sessions have limitations, as the maximum cookie size is at 4kb.

Add the dependency to your gradle file.

compile 'de.spinscale.javalin:javalin-cookie-session-store:0.1.0'

If you are using maven

<dependency>
    <groupId>de.spinscale.javalin</groupId>
    <artifactId>javalin-cookie-session-store</artifactId>
    <version>0.1.0</version>
</dependency>

Register the plugin on javalin startup

SecretKey key = Keys.hmacShaKeyFor("some_secret_with_more_than_32_chars".getBytes());
Predicate<String> attributeFilter = s -> s.startsWith("session_");

Javalin javalin = Javalin.create(config -> {
    config.registerPlugin(new CookieSessionStorePlugin(key, attributeFilter));
});

The secret should be retrieved from an external configuration and should not be changed during restarts, as otherwise sessions would be lost.

Set an attribute works like this

javalin.get("/", ctx -> {
  // this attribute will be stored
  ctx.attribute("session_name", "Alexander");
  // this will not be stored in the cookie, does not match the attributeFilter
  ctx.attribute("foo", "bar");
});

Retrieving an attribute

javalin.get("/name", ctx -> {
  String name = ctx.attribute("session_name");
  ctx.json(Collections.singletonMap("name", name));
});

Ensure code coverage, run ./gradlew clean test jacocoTestReport

When opening pull requests, please ensure, you added a test.

• Check if one can use the session and ensure that the session cookie does not get written, but only this one
• Expose more cookie configuration options