Re: RememberMeManager in Database

2018-01-29 Thread Brian Demers
> > Thanks for the pointer. Don’t know that much about JWT. From looking at > the code it seems you are storing the subject in the cookie. Like the > current implementation does. This might be different from what we are > trying to achieve. We don’t want the subject in the cookie, but in the > data

Re: RememberMeManager in Database

2018-01-29 Thread Björn Raupach
Hi Brian, thanks for your time! > On 26. Jan 2018, at 17:03, Brian Demers wrote: > > Looks like a good start, I left a comment on the nonce logic. My JDBC is a > little rusty though (which oddly makes me smile) so I might not be the best > person to look at that. Thanks. Fixed it. Replaced

Re: RememberMeManager in Database

2018-01-26 Thread Brian Demers
Looks like a good start, I left a comment on the nonce logic. My JDBC is a little rusty though (which oddly makes me smile) so I might not be the best person to look at that. There is probably some logic we can bubble up I almost forgot about this, but I was messing around with a JWT remember me

Re: RememberMeManager in Database

2018-01-26 Thread Björn Raupach
Hi Brian, know you are busy. Could you give me some feedback on this? kind regards Björn > On 12. Jan 2018, at 16:44, Björn Raupach wrote: > > Not sure where to talk about the proposed feature. JIRA Ticket? Mailing list > or GitHub issue/pull request? > > Anyways here is the link to the impl

Re: RememberMeManager in Database

2018-01-12 Thread Björn Raupach
Not sure where to talk about the proposed feature. JIRA Ticket? Mailing list or GitHub issue/pull request? Anyways here is the link to the implementation: https://github.com/raupachz/shiro/tree/dbcookies The class is called DatabaseRememberMeC

Re: RememberMeManager in Database

2018-01-10 Thread Rob Young
I'd be interested to see this in action, I'd be happy to check out what you get up to! On Wed, Jan 10, 2018 at 10:25 AM, Brian Demers wrote: > Probably an override, you will still need to add the cookie, so you should > be able to override just what you need. > > > >> Keep us posted! >> >> >> Si

Re: RememberMeManager in Database

2018-01-10 Thread Brian Demers
Probably an override, you will still need to add the cookie, so you should be able to override just what you need. > Keep us posted! > > > Since we need this feature I can dedicate company time on this matter. > Will work on this in my repo and open a pull request once I have something > figured

Re: RememberMeManager in Database

2018-01-10 Thread Björn Raupach
Hi Brian, > On 9. Jan 2018, at 20:20, Brian Demers wrote: > > Sounds like that could work. As for invalidating a single remembered me > session, I don't think you would need to deal with an individual cipher, > simply deleting the user's key from your database would do it (as the next > requ

Re: RememberMeManager in Database

2018-01-09 Thread Brian Demers
Sounds like that could work. As for invalidating a single remembered me session, I don't think you would need to deal with an individual cipher, simply deleting the user's key from your database would do it (as the next request would fail to lookup the rememberMe key). You may also need to heavil