I am working on a Play Framework project and I am using SecureSocial plugin for user actions.
My problem is, according to Play Framework document, the session should have been closed and reset when I closed the browser tab and opened a new tab.
But when I close and reopen the tab, I see that the session id is still the same and user logs in directly without reopening the login page (because user info is still available on play session)
Here's the output from before and after I open a session:
session = {sid=86, ___ID=80519f26-ccf9-4e6f-9f9a-0f2a3bbc7b20, securesocial.network=userpass, ___AT=4241355a05e419dabc6e16612275b3d932133707, securesocial.user=test}
And then I close and reopen the browser tab after a few seconds...
session = {___ID=80519f26-ccf9-4e6f-9f9a-0f2a3bbc7b20, sid=86, securesocial.network=userpass, ___AT=4241355a05e419dabc6e16612275b3d932133707, securesocial.user=test}
everything is the same. Sometimes it changes randomly.
By the way, I don't have any session settings in application.conf or anywhere else; everything is still in its default setting.
I've realized that this is a new "feature" on modern browsers. Unless you fully close all tabs and the browser itself entirely (in osx, right click and close), the browser wont close the session, so the user doesnt nee dto relog until they completely close the browser..
So in short, your session will not expire with just closing the "tab", but you have to close the "browser" entirely.