Background: Why I need this: My application can be embed into iframe. By default safari browser on Mac have settings to disable third party cookies so effectively cookies are disabled for my app. I can not ask every one to allow third party cookies.
I need some way to authenticate requests even if cookie are blocked. Jetty and tomcat provides query string based session, but after I moved to play framework i could not find any information about this. Please let me know if there is simple way where I do not have manage session by my own by parsing query string manually.
Unfortunately, you have to implement by your own.
Play framework gives only stateless sessions out of box, which are stored on client side within cookies.
Just generate a token per user and send this token as a header value or as a query string parameter of every request and parse it on the server side to access session variables.