Win a copy of Building Blockchain Apps this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Liutauras Vilda
  • Knute Snortum
  • Bear Bibeault
Sheriffs:
  • Devaka Cooray
  • Jeanne Boyarsky
  • Junilu Lacar
Saloon Keepers:
  • Ron McLeod
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
  • salvin francis
Bartenders:
  • Tim Holloway
  • Piet Souris
  • Frits Walraven

Spring Security "Remember Me" option not restoring sessions

 
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Suddenly Spring security remember-me option has stopped to work. Now when I check "remember me" checkbox at login page and then close my browser, it asks me to login again instead of just restoring my session.
remember-me

Further investigation revealed that:

  • It still creates new series/token/last_used fields in DB, but never updates it. So everytime I login with the same username it just creates new record. If I logout, it clears all user's token records.
  • It creates remember-me cookie at first, but loosing it after I close my browser.
  • It's not browser-related error.
  • It never calls updateToken or getTokenForSeries methods of JDBCTokenRepositoryImpl. Just createNewToken when the checkbox is checked and removeUserTokens when I logout.
  • It isn't calls loadUserByUsername method of UserDetailsService's implementation
  • If I switch from JDBCTokenRepository to InMemoryTokenRepository it still not works. So I beleive it's not DB related error.
  • Now I'm stucked what else can I do to restore "remember me" functionality. Any advice for further investigation would be appreciated.


  • UserDetailsService


    WebSecurityConfig

     
    Ranch Hand
    Posts: 1829
    12
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    How about rememberMe().key() ?
    The following reference says the key() is important.
    https://www.baeldung.com/spring-security-remember-me
     
    Himai Minh
    Ranch Hand
    Posts: 1829
    12
    • Likes 1
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Hi George,
    I tried an example with rememberMe() feature with Google Chrome.
    Please make sure your Chrome will not clear cookies after you close it Also, it should allow the sites to save cookies.
    Please see the attached screenshot for Chrome's privacy settings.

    If you see the "remember me on this computer" checkbox, check on it. Then, log in. Close the browser and open it again. You don't need to log in.
    privacy_security.JPG
    [Thumbnail for privacy_security.JPG]
    click on site settings
    cookies.JPG
    [Thumbnail for cookies.JPG]
    click on cookies and site data
    allowSaveCookie.JPG
    [Thumbnail for allowSaveCookie.JPG]
    configure as shown in this picture
     
    George Smithss
    Greenhorn
    Posts: 5
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator

    Himai Minh wrote:Hi George,
    I tried an example with rememberMe() feature with Google Chrome.
    Please make sure your Chrome will not clear cookies after you close it Also, it should allow the sites to save cookies.


    Thank you. It works.
    Suddenly our administrators forced that policy for chrome, so "remember me" cookie disappeared after browser's close.
    I forced it back, so now it works as expected.
     
    Arthur, where are your pants? Check under this tiny ad.
    Java file APIs (DOC, XLS, PDF, and many more)
    https://products.aspose.com/total/java
    • Post Reply Bookmark Topic Watch Topic
    • New Topic
    Boost this thread!