Announcement Announcement Module
Collapse
No announcement yet.
Implement transient cookie with Acegi Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Implement transient cookie with Acegi

    I am interesting in implementing a transient cookie for Acegi RememberMe service.

    I would like the cookie to be removed on logoff or exiting the browser.

    I can figure out how to implement a logout action and invalidate the cookie but in order to get a session close behavior - I figure I need to create a different type of cookie.

    Am I missing something? Does Acegi have an ability to do this? Or do I need to override the TokenBasedRememberMeServices class? And if so - anyone have any examples?

    Thanks
    Jeff

  • #2
    Just out of interest what are you trying to do? You want a cookie to last the lifetime of the users session, why? I was just interested to see what problem you were trying to solve .

    Comment


    • #3
      Implement transient cookie with Acegi

      We are interested in development a secure application in a possible common computer environment. Therefore, once a user executes a logout or closes the browser, we want the next user to be forced to enter valid credentials in order to gain access to the application.

      Comment


      • #4
        Just don't use rmemberme

        If you just don't use rememberme, authentication willb e tied to your JSESSIONID, which is already stored in a transient cookie. It will be forgotten if you close the browser, or you can explicitly invalidate the session by calling

        Code:
        session.invalidate();
        You are trying to over think this problem.

        Comment

        Working...
        X