RememberMe on login page

Hi All,

This is my first post so let me start off with my introduction. I am software Engg. In my current project which is based on Springs and ACEGI i needed to implement "RememberMe" option on the login page.

For this i have created a .js file with javascript functions to save,delete and get cookies. In the Login page on "onSubmit" i am calling the following functions of "login.js":

onsubmit="saveUsername(this);savePassword(this);sa veCheckBoxCookie(this);return validateForm(this)"

And hence saving three cookies. And i am saving cookies only if the checkbox is checked otherwise i am simply deleting the cookies. My login.js is:

<script type="text/javascript"> if(getCookie("checkbox") != null) { document.forms[0].rememberMe.checked=true; } if(getCookie("uname") != null && getCookie("pword") != null && getCookie("checkbox") ) { $("j_username").value = getCookie("username"); $("j_password").value = getCookie("password"); $("j_username").focus(); } else { $("j_username").value = ""; $("j_password").value = ""; $("j_username").focus(); } // sets a cookie to find whether the checkbox is checked or not function saveCheckBoxCookie(theForm) { if(document.forms[0].rememberMe.checked) { var expires = new Date(); expires.setTime(expires.getTime() + 24 * 30 * 60 * 60 * 1000); // sets it for approx 30 days. setCookie("checkbox",theForm.rememberMe.value,expires,"<c:url value="/"/>"); } else { deleteCookie("checkbox"); } } function saveUsername(theForm) { if(document.forms[0].rememberMe.checked) { var expires = new Date(); expires.setTime(expires.getTime() + 24 * 30 * 60 * 60 * 1000); // sets it for approx 30 days. setCookie("username",theForm.j_username.value,expires,"<c:url value="/"/>"); } else { deleteCookie("username"); } } function savePassword(theForm) { if(document.forms[0].rememberMe.checked) { var expires = new Date(); expires.setTime(expires.getTime() + 24 * 30 * 60 * 60 * 1000); // sets it for approx 30 days. setCookie("password",theForm.j_password.value,expires,"<c:url value="/"/>"); } else { deleteCookie("password"); } } function validateForm(form) { return validateRequired(form); } function passwordHint() { if ($("j_username").value.length == 0) { alert("The <fmt:message key="label.username"/> field must be filled in to get a password hint sent to you."); $("j_username").focus(); } else { location.href="<c:url value="/passwordHint.html"/>?username=" + $("j_username").value; } } function required () { this.aa = new Array("j_username", "<fmt:message key="errors.required"><fmt:param><fmt:message key="label.username"/></fmt:param></fmt:message>", new Function ("varName", " return this[varName];")); this.ab = new Array("j_password", "<fmt:message key="errors.required"><fmt:param><fmt:message key="label.password"/></fmt:param></fmt:message>", new Function ("varName", " return this[varName];")); } </script>

The functions to set, delete and get cookies are in "global.js".


My loginForm.jsp is:

<%@ include file="/common/taglibs.jsp"%> <form method="post" id="loginForm" action="<c:url value="/j_xadmin_security_check"/>" onsubmit="saveUsername(this);savePassword(this);saveCheckBoxCookie(this);return validateForm(this)"> <fieldset> <ul> <c:if test="${param.error != null}"> <li class="error"> <img src="<c:url value="/images/iconWarning.gif"/>" alt="<fmt:message key="icon.warning"/>" class="icon" /> <fmt:message key="errors.password.mismatch"/> <!--<c:out value="${sessionScope.ACEGI_SECURITY_LAST_EXCEPTION.message}"/>--> </li> </c:if> <li> <label for="j_username" class="desc"> <fmt:message key="label.username"/> <span class="req">*</span> </label> <input type="text" class="text medium" name="j_username" id="j_username" tabindex="1" /> </li> <li> <label for="j_password" class="desc"> <fmt:message key="label.password"/> <span class="req">*</span> </label> <input type="password" class="text medium" name="j_password" id="j_password" tabindex="2" /> </li> <c:if test="${appConfig['rememberMeEnabled']}"> <li> <input type="checkbox" class="checkbox" name="rememberMe" id="rememberMe" tabindex="3"/> <label for="rememberMe" class="choice"><fmt:message key="login.rememberMe"/></label> </li> </c:if> <li> <input type="submit" class="button" name="login" value="<fmt:message key="button.login"/>" tabindex="4" /> <p> <fmt:message key="login.signup"> <fmt:param><c:url value="/signup.html"/></fmt:param> </fmt:message> </p> </li> </ul> </fieldset> </form> <% // checks wheter the credentials are correct or not. if(!com.elsevier.xadmin.appfuse.dao.UserDetailsAuthenticationProviderImpl.flag) { %> <SCRIPT language="javascript"> deleteCookie("username"); deleteCookie("password"); </SCRIPT> <% } // Checks whether the User has logged out or not and if the session is null. // If the user has logged out and the request is new then the User will not get logged in automatically. if (com.elsevier.xadmin.framework.InvalidateSessionHandler.logoutflag && request.getSession() == null) { %> <SCRIPT language="javascript"> document.forms[0].submit(); </SCRIPT> <% } %> <%@ include file="/scripts/login1.js"%>

Everything works perfectly fine but the problem is that the cookies are remembered i.e the username and password can be seen filled only for approx an hour. After one hour the username and password cookies gets Everything works perfectly fine but the problem is that the cookies are remembered i.e the username and password can be seen filled only for approx an hour. After one hour the username and password cookies gets deleted. This is very strange. And the strange thing is that the checkbox cookie does not get deleted it can be seen there in the browser.

Although the cookies life is set to 30 days.


I think this is because of ACEGI. ACEGI security is doing something that i am not able to resolve.
I am new to Springs and ACEGI.

Please help !!

Um, if you are using Spring Security, the current name for what was Acegi.

Anyway, in Spring Security you have an xml file that has all the <intercept-url>. When you set this up, you set up the Filter Chain too. You can modify or add to the filter chain. One of the options in the xml is for remember me, so you don't have to go through all that trouble to set it up. Why go and write all that Javascript.

Well here is the doc page for remember me
http://static.springframework.org/spring-security/site/reference/html/remember-me.html

Mark

Hi Mark, Thank you for the reply.

I have the following requirements:

1) When the user opens the Login page for the first time the Checkbox will be unchecked.

2) Once the user has checked the “RememberMe” Checkbox it will remain checked till the time user unchecks it. Even if the user opens a new browser it will remain checked.


3) If the “RememberMe” Checkbox is checked, Next time when user opens the Login page the text boxes will be filled by the correct Username and the Password that user has entered earlier. Even if the user closes the current window and opens a new one the credentials can be seen filled there.

4) If the user unchecks the “RememberMe” Checkbox the credentials will be no longer can be seen filled there.


5) If the user enters wrong credentials then that will not be remembered.

6) If the user after successful login closes the browser without logging out from the “mainMenu.jsp”, Next time when the user opens the login page he does not need to login again, in fact will be logged in automatically.

This application is already built by using Appfuse. Its not like i have written all this javascript code. I have just made some additions into that.

I just do not understand why the username and password cookies are getting deleted after some time say approx one hour. And the strange part is that the checkbox cookies is not deleted. Although the life is set to 30 days.
And only using the filter will not fullfill all these requirements.

If the link I posted doesn't help, then unfortunately, I don't know any more than that. Sorry.

Mark