May 14th, 2012, 10:06 AM
Session-Only Remember-Me cookie (Enhancement RQ)
In a couple of projects I had to use Remember-Me services with a session-only cookie.
The idea is to keep the user's authentication state across server restarts, application crashes and redeploys, and session time-outs. This provides a bit of enhanced user experience.
I used to do this with a TokenBasedRememberMeServices subclass, that would always add a cookie, but it would be session-only if no remember-me trigger parameter was supplied, or persistent (as per default behaviour) if the trigger parameter is supplied.
Now I am using xml schema configuration, and found it hard to use a sub-class.
Request For Enhancement:
Add a flag to add a session cookie if long-term cookie is not required.
Last edited by Lachezar; May 14th, 2012 at 10:16 AM.
И'м ватцхинг ъоу...
May 14th, 2012, 03:49 PM
Your session cookie is supposed to go away when your session ends. How would the this work without making the session cookie not a session cookie?
Tags for this Thread