[ https://issues.apache.org/jira/browse/COCOON3-84?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thorsten Scherler closed COCOON3-84. ------------------------------------ Resolution: Fixed Fix Version/s: 3.0.0-beta-1 revision 1222722. Thanks ajay for the patch > Add remeber-me feature in cocoon-shiro module > --------------------------------------------- > > Key: COCOON3-84 > URL: https://issues.apache.org/jira/browse/COCOON3-84 > Project: Cocoon 3 > Issue Type: Improvement > Components: cocoon-shiro > Affects Versions: 3.0.0-beta-1 > Reporter: Ajay Deshwal > Assignee: Thorsten Scherler > Fix For: 3.0.0-beta-1 > > Attachments: COCOON3-84.patch > > > cocoon-shiro module should provide feature to remember authenticating user. > A remembered identity gives the system an idea who that person probably is, > but in reality, has no way of guaranteeing the remembered identity really is > that user. > According to shiro docs: Shiro follows same paradigm as all over the web. > for eg: When you visit Amazon.com and perform a login and ask it to 'remember > me', it will set a cookie with your identity. If you don't log out and your > session expires, and you come back, say the next day, Amazon still knows who > you probably are: you still see all of your book and movie recommendations > and similar user-specific features since these are based on your (remembered) > user id. > Some facts worth remembering about Shiro's remember me feature: > if in filter chain definitons we set: > /myurl=authc > User has to authenticate no matter user had enabled > remember-me in previous session. > /myurl=roles[USER] > User will be granted access if user had enabled > remember-me in previous session(Assuming USER role has been assigned to > requesting user). > Now, when writing your own webapp, whether you use the authc filter or simply > depend on if the user is remembered is entirely up to you. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira