Lost session after restarting the server

[aravinds03]

Hi,
I am using springsocial-showcase as an example to integrate social websites to my own wesbite.
My problem is that whenever I restart the server, the session is lost and gets redirected to sign-in page.
This behavior gives very bad user experience.
Is there any way to keep the session even after restarting the server in spring security?

[michaellavelle]

Hi

springsocial-showcase uses an in-memory database by default for showcasing purposes ( so that you don't need to create your own database locally before running the example). This is why when you restart the server the data is lost - to change this behavior you can simply use your own database and change the configuration of the datasource.

If you take a look in the MainConfig, you'll see the DataSource bean is an in-memory implementation - modify this bean definition or provide your own config to replace this in-memory datasource with a persistent datasource.

src/main/java/org/springframework/social/showcase/config/MainConfig.java

Hope this answers your question.

[aravinds03]

Hi,
I enabled persistent data source and it stores only the oauth tokens in database.
What we need is to store cookie information in db so that the login state will be saved even after restarting the server.
So, is there a way to save the sign in state(for example:I used fb login) ?

[michaellavelle]

Hi

If I understand your requirements correctly it sounds like the remember-me functionality of Spring Security will give you what you need. If you register PersistentTokenBasedRememberMeServices with your Spring Security implementation and enable remember-me, then the user's authentication can be remembered after a server restart.

One of my own projects ( https://github.com/socialsignin/socialsignin-showcase ) uses remember-me functionality in combination with Spring Social, but it uses an in-memory token repository.

I've been meaning to change this to use a persistent version for a while, but until I get the chance to do this I've created a quick clone of this project and enabled a persistent version - see https://github.com/socialsignin/soci...ent-rememberme , and in particular the included spring-security-config.xml for an example of how this could work.

Please note that this showcase project also uses an embedded database for showcase purposes ( in SocialSignInShowcaseWebappConfig ) - simply replace this datasource with your own persistent version to ensure remember-me tokens survive server restarts. Also, note that the JdbcTokenRepositoryImpl bean is configured with createTableOnStartup=true - again for demo purposes - you'll need to change this to be false once you have a table created for the tokens in your database.

Hope this helps,

Michael