Announcement Announcement Module
No announcement yet.
Remember me working inconsistently Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Remember me working inconsistently

    Hello all,

    I have implemented spring security 3.1 and used remember me feature with persistent token.

    Remember me feature is working fine when i test it in my localhost in tomcat. But it works inconsistently when I deploy in dev server (Linux).

    Cookie is sometimes cleared at browser when closing and opening browser. I used IE browser's debugger to walk through all the cookies.

    At the server side it is all fine, cookies are persisted well.

    As the remember me cookies are cleared at browser, when the request comes back to secured URL, spring security deletes the persisted token from the table persistent_login by identifying the user id.

    Could anyone please give me the solution to solve it urgently ? Let me know if you need any other info from me.

  • #2
    Any answer please ?


    • #3
      Here is my security config.

      <?xml version="1.0" encoding="UTF-8"?>
      <beans:beans xmlns="" xmlns:xsi=""
      	xmlns:context="" xmlns:beans=""
      	<!-- <debug /> -->
      	<http pattern="/resources/**" security="none" />
      	<http pattern="/login" security="none" />
      	<http pattern="/sessionexpired" security="none" />
      	<http pattern="/OBL/**" security="none" />
      	<http pattern="/igloo/**" security="none" />
      	<http pattern="/oblrequest" security="none"/>
      	<http auto-config="true" use-expressions="true">
      		<intercept-url pattern="/**" access="isAuthenticated()" />
      		<form-login login-page="/login" authentication-success-handler-ref="loginSuccessHandler"
      			authentication-failure-handler-ref="loginFailureHandler" />
      		<access-denied-handler />
      		<anonymous />
      		<logout success-handler-ref="logoutSuccessHandler" />
      		<remember-me key="_spring_security_remember_me" user-service-ref="ldapUserService"
      			token-repository-ref="tokenRepository" />
      		<session-management session-fixation-protection="migrateSession" session-authentication-error-url="/sessionexpired" invalid-session-url="/sessionexpired" >
      			<concurrency-control max-sessions="1" expired-url="/sessionexpired"/>
      		<!-- <http-basic/> -->
      	<ldap-server id="ldapServer" url="${}" port="389" manager-dn="${ldap.manager-dn}"
      		manager-password="${ldap.manager-password}" />
      	<ldap-user-service id="ldapUserService" server-ref="ldapServer" user-search-filter="${ldap.user-search-filter}"
      		user-search-base="${ldap.user-search-base}" />
      		<ldap-authentication-provider user-search-filter="${ldap.user-search-filter}"
      			user-search-base="${ldap.user-search-base}" user-dn-pattern="${ldap.user-dn-pattern}">
      	<beans:bean id="tokenRepository" class="">
      		<beans:property name="createTableOnStartup" value="false" />
      		<beans:property name="dataSource" ref="acornDataSource" />
      Last edited by aruncollections; Feb 9th, 2012, 02:03 AM.