This topic is closed

  • check remember me only can login?

    Hi, I have encountered this issue.

    Once I go to the login page and enter the correct user and password, it cannot log in and displays the login page again (without any error).

    But when I check remember me, it can log in (and a cookie is created).


    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">

        <global-method-security secured-annotations="enabled" jsr250-annotations="enabled" />

        <http auto-config="true">
            <intercept-url pattern="/user/login.htm*" requires-channel="https"/>
            <intercept-url pattern="/index.htm" access="ROLE_USER" requires-channel="http" />
            <intercept-url pattern="/**" filters="none" />

            <form-login login-page="/user/login.htm" authentication-failure-url="/user/login.htm?login_error=1" default-target-url="/index.htm" />

            <logout logout-success-url="/user/login.htm" invalidate-session="true"/>

            <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="false"/>

            <port-mappings>
                <port-mapping http="8080" https="8443"/>
            </port-mappings>
        </http>

    </beans:beans>
    BTW, I cannot rename the cookie even if I put a <remember-me key="remeber_me" />

    Any idea?


    kiwi
    ----
    happy hacking !

  • #2
    Just found out the cause.

    <intercept-url pattern="/index.htm" access="ROLE_USER" requires-channel="http" />
    (this does NOT work - I need to check remember me, only then can I log in)

    I want it to change to HTTP instead of using SSL after logging in, but it works only without the "requires-channel" attribute, like this:

    <intercept-url pattern="/index.htm" access="ROLE_USER" /> (WORKS - can log in normally)

    Any idea?

    kiwi
    ---
    happy hacking !



    • #3
      You are probably running into an issue with Tomcat losing the session when switching from HTTPS to HTTP. Search the web and you will find more.

      Otherwise, you will need to provide more information here - debug log output, version information, the container you are using etc etc.



      • #4
        Hi, thanks for the reply!!

        I am using Tomcat 6.0.16.

        Yeah, it is probably a session issue.

        Is there any way to solve this?


        kiwi
        ---
        happy hacking !



        • #5
          Just searched the net.

          That is the design of Tomcat, for security reasons, to prevent session hijacking.

          Anyway, thanks for your help!

          kiwi
          ---
          happy hacking !
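
The session loss discussed in this thread can be modelled without a container. The following is an added example, not code from any poster, from Spring Security or from Tomcat: it fills a browser-style cookie jar after a login over HTTPS and reports what the server sees on the follow-up request to /index.htm. The cookie values, the localhost URLs (ports taken from the port-mapping above) and the missing Secure attribute on the remember-me cookie are assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed Set-Cookie headers, modelled on a login answered over HTTPS.
# Tomcat marks the session cookie Secure when it is created on a secure request.
SESSION = "JSESSIONID=CONSTRUCTED0001; Path=/; Secure"
# Assumption: the remember-me cookie is issued without the Secure attribute.
REMEMBER_ME = ("SPRING_SECURITY_REMEMBER_ME_COOKIE=constructed-token; "
               "Path=/; Max-Age=1209600")


def store(jar, set_cookie_header):
    """Parse one Set-Cookie header into the jar (cookie name -> Morsel)."""
    parsed = SimpleCookie()
    parsed.load(set_cookie_header)
    jar.update(parsed)


def cookies_sent(jar, url):
    """Names of the cookies a browser attaches to a request for url."""
    parts = urlsplit(url)
    sent = []
    for name, morsel in jar.items():
        if morsel["secure"] and parts.scheme != "https":
            continue  # Secure cookies are never sent over plain HTTP
        if not parts.path.startswith(morsel["path"] or "/"):
            continue  # cookie is scoped to a different path
        sent.append(name)
    return sorted(sent)


def outcome(remember_me_checked, target):
    """What the server sees on the post-login request to target."""
    jar = {}
    store(jar, SESSION)
    if remember_me_checked:
        store(jar, REMEMBER_ME)
    sent = cookies_sent(jar, target)
    if "JSESSIONID" in sent:
        return "authenticated session"
    if "SPRING_SECURITY_REMEMBER_ME_COOKIE" in sent:
        return "new session, re-authenticated by remember-me token sent in clear text"
    return "new anonymous session, redirected to login page"
```

Calling `outcome(False, "http://localhost:8080/index.htm")` gives the silent return to the login page from the first post, and `outcome(True, ...)` on the same URL gives the remember-me login. With an `https://localhost:8443/index.htm` target the session cookie is sent and the session survives, which matches post #2's configuration without `requires-channel="http"`.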
