[Question] Scala secure session, is this a must?
vy8 opened this issue · 1 comments
Hi! I have a couple of apps running in production with Play! and I use simple cookie-based authentication where I just store the username in the session and check for it in Authenticated Actions.
Very similar to how this example does it: https://alvinalexander.com/scala/how-to-implement-user-authentication-play-framework-application
Then I noticed the play-scala-secure-session-example and got a little scared.
Is the way I'm using auth viable for production or should I try to encrypt the session ASAP?
There's nothing wrong with storing information in the cookie as long as you know that it's public and can be read by the browser. If you have information that you don't want the user to have access to, then a secure session lets you keep client information on the browser without letting the user see what it is.
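
To make the "public and can be read by the browser" point concrete, here is an added example (not from this thread or from the Play code base). It assumes a session cookie that is signed with a server secret but not encrypted, modelled on a JWT (HS256) token; the object name, secret and payload are constructed for illustration.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest
import java.util.Base64
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Added illustration: a signed-but-not-encrypted session cookie in a
// JWT-like shape. All names and values here are constructed samples.
object SignedSessionDemo {
  private val enc = Base64.getUrlEncoder.withoutPadding
  private val dec = Base64.getUrlDecoder

  private def hmac(secret: String, msg: String): Array[Byte] = {
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(new SecretKeySpec(secret.getBytes(UTF_8), "HmacSHA256"))
    mac.doFinal(msg.getBytes(UTF_8))
  }

  // Server side: serialize the session and append an HMAC over it.
  def sign(secret: String, payloadJson: String): String = {
    val header = enc.encodeToString("""{"alg":"HS256","typ":"JWT"}""".getBytes(UTF_8))
    val body = enc.encodeToString(payloadJson.getBytes(UTF_8))
    s"$header.$body." + enc.encodeToString(hmac(secret, s"$header.$body"))
  }

  // Client side: the payload is only Base64url, so no secret is needed to read it.
  def readWithoutSecret(cookie: String): String =
    new String(dec.decode(cookie.split('.')(1)), UTF_8)

  // Server side: accept the payload only if the signature matches (constant-time compare).
  def verify(secret: String, cookie: String): Option[String] =
    cookie.split('.') match {
      case Array(h, b, s) =>
        val supplied = try dec.decode(s) catch { case _: IllegalArgumentException => Array.emptyByteArray }
        if (MessageDigest.isEqual(hmac(secret, s"$h.$b"), supplied))
          Some(new String(dec.decode(b), UTF_8)) else None
      case _ => None
    }

  def main(args: Array[String]): Unit = {
    val secret = "constructed-demo-secret-not-for-production"
    val cookie = sign(secret, """{"data":{"username":"alice"}}""")
    println(readWithoutSecret(cookie)) // what anyone holding the cookie can see
    println(verify(secret, cookie))    // what the server accepts
    // Username edited by the client, original signature reused:
    val forgedBody = enc.encodeToString("""{"data":{"username":"admin"}}""".getBytes(UTF_8))
    val forged = s"${cookie.split('.')(0)}.$forgedBody.${cookie.split('.')(2)}"
    println(verify(secret, forged))
  }
}
```

The signature protects integrity only: the username stays readable to the client, which is why values the user must not see belong in an encrypted session or on the server.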