Platform: amd64, debian 11.2 "bullseye", openjdk 11.0.14,
karaf 4.3.6, shiro 1.7.0
This a problem I have with shiro that appears and then disappears as
mysteriously has it appears and "out of sight, out of mind".
But today I have decided to dig a little bit deeper.
Most of the time shiro works for me. But from time to time I run into a
problem that requires me to do frequent logins.
I.e. when shiro is the "gateway" to a SPA then entry works fine, but if
I e.g. do a reload of the application I'm redirected to the login page
and have to log in again.
When this happens, I see a lot of the following in karaf.log:
https://gist.github.com/steinarb/9d5240e78b0a177a115d3c10540fa1a4
Also, if I try a different browser, or if I try an incognito window of
the same browser, authentication seems to work normally, and without the
frequent login error.
But when I try clearing the cookies of the browser with the problem
(which should have the same effect...?) it doesn't help.
I have googled for the error message without finding anything useful. I
have also visited the suggested URL
https://shiro.apache.org/web.html#remember_me_services
without understanding much more.
Is my problem that I am trying to remember a cookie without having set
an encryption key? But if so: why does it sometimes seem to work.
I have grepped my code for "rememberMe" and "RememberMe" and haven't
found any matches, so that flag on the token I have not set.
