(see todos; from now on I will add todos there)
- Use a 'real' database.
- Add testing (may use JUnit, but as it is a REST API, I would like to use Selenium, or a Java alternative to Selenium)
- Spark has some serious problems (see this). It has another problem: there is no way (I have tried to find a solution for it on the internet) to send a secure (I mean the Secure flag is true) JSESSIONID to the client's browser when the communication is over SSL. See this; I cannot use this solution as sparkjava doesn't have a 'WEB-INF' thing, maybe I need to configure the embedded Jetty to use a WEB-INF, or just use a secure JSESSIONID. Someone has found a workaround, i.e., to create a custom cookie rather than use JSESSIONID (see this)
- Check thoroughly whether the cookies are secure
- Use something else rather than sparkjava (like Jersey, Javalin or, best, Spring Boot)
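
The custom-cookie workaround from the JSESSIONID item above, as an added example (not this project's code): the server issues its own random session token and sets it with Spark's `response.cookie(...)` overload that takes the Secure and HttpOnly flags, so the servlet session cookie is never used. The cookie name `APPSESSION`, the `/visits` and `/logout` routes, the keystore path and password, and the in-memory store are assumptions made for illustration.

```java
import static spark.Spark.*;

import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import spark.Request;
import spark.Response;

public class SecureSessionCookieExample {
    static final String COOKIE = "APPSESSION";   // hypothetical cookie name
    static final int MAX_AGE_SECONDS = 1800;     // hypothetical lifetime
    static final SecureRandom RNG = new SecureRandom();
    // Server-side store: token -> session attributes. In memory only;
    // this example does not expire entries on the server side.
    static final Map<String, Map<String, Integer>> SESSIONS = new ConcurrentHashMap<>();

    static String newToken() {
        byte[] raw = new byte[32];               // 256 bits from a CSPRNG
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Returns the caller's session, creating it and its cookie when the
    // request carries no token or one the server does not know.
    static Map<String, Integer> session(Request req, Response res) {
        String token = req.cookie(COOKIE);
        Map<String, Integer> attrs = token == null ? null : SESSIONS.get(token);
        if (attrs == null) {
            token = newToken();
            attrs = new ConcurrentHashMap<>();
            SESSIONS.put(token, attrs);
            // Arguments: path, name, value, maxAge, secured, httpOnly
            res.cookie("/", COOKIE, token, MAX_AGE_SECONDS, true, true);
        }
        return attrs;
    }

    public static void main(String[] args) {
        // Placeholder keystore; browsers return a Secure cookie only over HTTPS.
        secure("keystore.jks", "changeit", null, null);
        get("/visits", (req, res) ->
            "visits in this session: " + session(req, res).merge("visits", 1, Integer::sum));
        post("/logout", (req, res) -> {
            String token = req.cookie(COOKIE);
            if (token != null) SESSIONS.remove(token);   // invalidate server side
            res.cookie("/", COOKIE, "", 0, true, true);  // expire in the browser
            return "";
        });
    }
}
```

To cover the cookie check in the list above, inspect the `Set-Cookie` response header of `/visits` and confirm it carries both `Secure` and `HttpOnly`.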