Announcement Announcement Module
No announcement yet.
Remember me cookie not set Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Remember me cookie not set

    I can't seem to get a cookie of spring that remembers the session, nor is the persistent_logins table of the dataSource getting populated. Why isn't the cookie received by the client?

    Application context xml file :

    <?xml version="1.0" encoding="UTF-8"?>
    <remember-me data-source-ref="dataSource"
    user-service-ref="userService" />

    <authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="userService">
    <password-encoder hash="md5" ref="passwordEncoder">
    <salt-source ref="saltSource" />
    login method:

    public class AServiceImpl extends RemoteServiceServlet implements AService {
    public boolean login(String username, String password, boolean remember) {
    Collection<GrantedAuthority> auths = userDetailsService.getGrantedAuthorities(user);
    auth = new UsernamePasswordAuthenticationToken(username, password, auths);
    Authentication result = authenticationManager.authenticate(auth);
    SecurityContextHolder.getContext().setAuthenticati on(result);
    getThreadLocalRequest().getSession().setAttribute( HttpSessionSecurityContextRepository.SPRING_SECURI TY_CONTEXT_KEY,SecurityContextHolder.getContext()) ;
    rememberMeServices.loginSuccess(getThreadLocalRequ est(),getThreadLocalResponse(), auth);

  • #2
    Thanks for the reply, but I'm not looking to do it manually. I know there has to be a way to use the SPRING_SECURITY_REMEMBER_ME_COOKIE and I don't see a reason do it manually if Spring provides a remember-me service.

    maybe interesting note: I didn't use _spring_security_remember_me (because I don't use forms but rpc) and I don't have alwaysRememberMe set true. This is because all login/logout is done via rpc. Maybe this is the problem?

    Another small related question: the line "getThreadLocalRequest().getSession().setAttribute (HttpSessionSecurityContextRepository.SPRING_SECUR ITY_CONTEXT_KEY,SecurityContextHolder.getContext() );" looks a bit like a hack. But if I ommit it, the sessioncookie JSESSIONID is not set for some reason. Anyone know why?


    • #3