• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
  • Paul Clapham
Sheriffs:
  • paul wheaton
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Piet Souris
Bartenders:
  • Mike London

Spring Security "Remember Me" option not restoring sessions

 
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Suddenly Spring security remember-me option has stopped to work. Now when I check "remember me" checkbox at login page and then close my browser, it asks me to login again instead of just restoring my session.
remember-me

Further investigation revealed that:

  • It still creates new series/token/last_used fields in DB, but never updates it. So everytime I login with the same username it just creates new record. If I logout, it clears all user's token records.
  • It creates remember-me cookie at first, but loosing it after I close my browser.
  • It's not browser-related error.
  • It never calls updateToken or getTokenForSeries methods of JDBCTokenRepositoryImpl. Just createNewToken when the checkbox is checked and removeUserTokens when I logout.
  • It isn't calls loadUserByUsername method of UserDetailsService's implementation
  • If I switch from JDBCTokenRepository to InMemoryTokenRepository it still not works. So I beleive it's not DB related error.
  • Now I'm stucked what else can I do to restore "remember me" functionality. Any advice for further investigation would be appreciated.


  • UserDetailsService


    WebSecurityConfig

     
    Bartender
    Posts: 2266
    13
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    How about rememberMe().key() ?
    The following reference says the key() is important.
    https://www.baeldung.com/spring-security-remember-me
     
    Himai Minh
    Bartender
    Posts: 2266
    13
    • Likes 1
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    Hi George,
    I tried an example with rememberMe() feature with Google Chrome.
    Please make sure your Chrome will not clear cookies after you close it Also, it should allow the sites to save cookies.
    Please see the attached screenshot for Chrome's privacy settings.

    If you see the "remember me on this computer" checkbox, check on it. Then, log in. Close the browser and open it again. You don't need to log in.
    privacy_security.JPG
    [Thumbnail for privacy_security.JPG]
    click on site settings
    cookies.JPG
    [Thumbnail for cookies.JPG]
    click on cookies and site data
    allowSaveCookie.JPG
    [Thumbnail for allowSaveCookie.JPG]
    configure as shown in this picture
     
    George Smithss
    Greenhorn
    Posts: 10
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator

    Himai Minh wrote:Hi George,
    I tried an example with rememberMe() feature with Google Chrome.
    Please make sure your Chrome will not clear cookies after you close it Also, it should allow the sites to save cookies.


    Thank you. It works.
    Suddenly our administrators forced that policy for chrome, so "remember me" cookie disappeared after browser's close.
    I forced it back, so now it works as expected.
     
    reply
      Bookmark Topic Watch Topic
    • New Topic