-
Feb 5th, 2007, 06:57 PM
#1
Implement transient cookie with Acegi
I am interesting in implementing a transient cookie for Acegi RememberMe service.
I would like the cookie to be removed on logoff or exiting the browser.
I can figure out how to implement a logout action and invalidate the cookie but in order to get a session close behavior - I figure I need to create a different type of cookie.
Am I missing something? Does Acegi have an ability to do this? Or do I need to override the TokenBasedRememberMeServices class? And if so - anyone have any examples?
Thanks
Jeff
-
Feb 6th, 2007, 02:22 AM
#2
Just out of interest what are you trying to do? You want a cookie to last the lifetime of the users session, why? I was just interested to see what problem you were trying to solve 
.
-
Feb 6th, 2007, 06:19 AM
#3
Implement transient cookie with Acegi
We are interested in development a secure application in a possible common computer environment. Therefore, once a user executes a logout or closes the browser, we want the next user to be forced to enter valid credentials in order to gain access to the application.
-
Mar 1st, 2007, 03:44 PM
#4
Just don't use rmemberme
If you just don't use rememberme, authentication willb e tied to your JSESSIONID, which is already stored in a transient cookie. It will be forgotten if you close the browser, or you can explicitly invalidate the session by calling
Code:
session.invalidate();
You are trying to over think this problem.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
