PLAY SESSION - Fluid Topics - 3.7

Fluid Topics Integration Guide

Operating system: Debian
Category: Reference Guides
Audience: public
Version: 3.7

PLAY_SESSION is the Fluid Topics session cookie. It is a JWT (JSON Web Token) managed by Play Framework.

Its behavior can be configured, but Fluid Topics currently uses the default settings.

The content of this cookie can be decoded on the JWT.IO website: the header and payload are Base64URL-encoded and signed, not encrypted.

For example, the following value

eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImlkIjoiZDAzZTBjMjYtMDJhNS00NDU5LWIwZmUtZjk4MDcwODE4ZjdjIiwidXJsQWZ0ZXJMb2dpbiI6Imh0dHA6Ly9kb2MuYW50aWRvdC5uZXQifSwibmJmIjoxNTM4MDM0NDIwLCJpYXQiOjE1MzgwMzQ0MjB9.V29tBlQxS-Nncm3Dj7rHOvGG2-q_xBcZ2tqhLsKpLVw

contains the following payload

{
  "data": {
    "id": "d03e0c26-02a5-4459-b0fe-f98070818f7c",
    "urlAfterLogin": "http://doc.antidot.net"
  },
  "nbf": 1538034420,
  "iat": 1538034420
}

The data property holds the business information Fluid Topics needs.

Currently only two properties can be found:

  • id: the session ID of the anonymous or logged-in user
  • urlAfterLogin: the web-application page from where an SSO login was initiated (only visible during an SSO login and removed at the end)

Business information is gathered inside the data property, which is a custom JWT claim.
The surrounding properties are optional claims defined in the JWT specification.
Here, Play Framework is using nbf (which stands for "Not Before") and iat (which stands for "Issued At") to validate when the session cookie can be used.
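
The following Python is an added example, not Fluid Topics or Play Framework code: it decodes the cookie value shown above locally, without any key, and shows how an HS256 signature and the nbf/iat claims can be checked. The function names are hypothetical, and the verification path is exercised on tokens built with a constructed secret, since the real application secret is not on this page.

```python
import base64, hashlib, hmac, json

# Cookie value copied from the page above.
PAGE_COOKIE = "eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImlkIjoiZDAzZTBjMjYtMDJhNS00NDU5LWIwZmUtZjk4MDcwODE4ZjdjIiwidXJsQWZ0ZXJMb2dpbiI6Imh0dHA6Ly9kb2MuYW50aWRvdC5uZXQifSwibmJmIjoxNTM4MDM0NDIwLCJpYXQiOjE1MzgwMzQ0MjB9.V29tBlQxS-Nncm3Dj7rHOvGG2-q_xBcZ2tqhLsKpLVw"

def b64url_decode(seg):
    # JWT segments drop the Base64 "=" padding; restore it before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_unverified(token):
    """Read header and payload without a key: the cookie is signed, not encrypted."""
    header, payload, _sig = token.split(".")
    return json.loads(b64url_decode(header)), json.loads(b64url_decode(payload))

def sign_hs256(payload, secret):
    """Build a constructed HS256 token so verification can be exercised offline."""
    parts = [b64url_encode(json.dumps(x, separators=(",", ":")).encode())
             for x in ({"alg": "HS256"}, payload)]
    signing_input = ".".join(parts)
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify(token, secret, now):
    """Return the payload if the signature and nbf/iat checks pass, else raise ValueError."""
    header, payload = decode_unverified(token)
    if header.get("alg") != "HS256":      # pin the algorithm, never trust the header
        raise ValueError("unexpected alg")
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):  # constant-time compare
        raise ValueError("bad signature")
    if payload.get("nbf", 0) > now or payload.get("iat", 0) > now:
        raise ValueError("token not yet valid")
    return payload

if __name__ == "__main__":
    header, payload = decode_unverified(PAGE_COOKIE)
    print(header)
    print(json.dumps(payload, indent=2))
```

Because anyone holding the cookie can read its payload, only the signature check prevents a modified data.id from being accepted.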