I am trying to set up Spring security 3.1 where once a user a logs in, the user can hit any web server without requiring to login again. So if I have a session timeout of say 15 minutes, the user should only have to login again after 15 minutes of inactivity.

I thought to use PersistentTokenBasedRememberMeServices however it does not update the column last_used in persistent_logins table after each user request. So it only works since the user last logged in.

This would seem to be a common use case however I can't find a simple solution for it using Spring Security. I thought about creating my own cookie and using a filter to update the SecurityContext if the cookie passed my validation and the SecurityContext did not exist yet.

Any suggestions for a solution to my problem? Thanks!