Announcement Announcement Module
No announcement yet.
Spring+Acegi able to visit login screen, but old session is retained. Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring+Acegi able to visit login screen, but old session is retained.

    I have Spring + Acegi and everything is working fine, except when I don't log out and I re-visit the login page. I can type in new credentials (user/pass), but when I log in, I'm actually associated with the old credentials, which is confusing for a user since they think they just logged in. It seems like either I need to somehow reset the rememberme cookie when the user directly visits the login page, or that they need to be redirected away from the page when they have been remembered.

    Some configuration settings for reference:

    	<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
    		<property name="userDetailsService" ref="accessMgr"/>
    		<property name="key" value="changeThis"/>
    	<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
    		<property name="providers">
    				<ref local="daoAuthenticationProvider"/>
    				<bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
    					<property name="key" value="changeThis"/>
    				<bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
    					<property name="key" value="changeThis"/>
    	<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
    		<property name="authenticationManager" ref="authenticationManager"/>
    		<property name="rememberMeServices" ref="rememberMeServices"/>
    Any ideas/tips are appreciated!