On Mon, Feb 24, 2014 at 11:44 PM, Lidija Dolinar <lidija....@gmail.com> wrote:

> I tried "Remember Me" functionality here:
> http://tynamo-federatedaccounts.tynamo.org/ (live demo webapp) but the
> user isn't remembered.
> When I check the "Remember Me" checkbox and log in, the cookie "rememberMe"
> is created. After I close the browser and reopen it again I'm not logged
> in. Am I missing something here?

Shiro makes a strong separation between remembered and authenticated use cases. It depends on your security settings whether you want to allow remembered-only users. The built-in Shiro rememberMe cookie is not secure. I've written about the topic several times. RollingTokenRealm (at the end of http://tynamo.org/tynamo-federatedaccounts+guide) was born out of the need to support a (more) secure rememberMe use case. (And to Lenny, no, productionMode does not affect this functionality in any way).

> I'm struggling with the creation of the "rememberMe" cookie. This is my
> Login.java:
>
> public Object onActionFromJsecLoginForm() {
>     Subject currentUser = securityService.getSubject();
>     if (currentUser == null) {
>         throw new IllegalStateException("Subject can`t be null");
>     }
>     UsernamePasswordToken token = new UsernamePasswordToken(jsecLogin,
>         jsecPassword);
>     token.setRememberMe(true);
>
>     try {
>         currentUser.login(token);
>     }
>     ...
> }
> However, the cookie "rememberMe" isn't created :-/. What am I missing?

Are you sure the cookie isn't created or it just doesn't work the way you expected? I.e. user is not logged in.

Kalle
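
The remembered/authenticated separation described in the reply above, shown with Shiro's `Subject` API as an added example (not code from this thread or from Tynamo): a subject rebuilt from a rememberMe cookie carries a principal but `isAuthenticated()` stays false, so a page that requires authentication still sends the user to the login form. The `Tier` enum, `mayView` policy, realm name and account are constructed for the demo; it assumes shiro-core on the classpath.

```java
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

public class RememberedVsAuthenticated {

    // Hypothetical helper type for this example, not a Shiro class.
    enum Tier { ANONYMOUS, REMEMBERED, AUTHENTICATED }

    static Tier tierOf(Subject s) {
        if (s.isAuthenticated()) return Tier.AUTHENTICATED; // proved identity in this session
        if (s.isRemembered()) return Tier.REMEMBERED;       // identity recalled, not proved
        return Tier.ANONYMOUS;
    }

    // Policy sketch: sensitive pages demand a fresh login, others accept remembered users.
    static boolean mayView(Subject s, boolean sensitivePage) {
        Tier t = tierOf(s);
        return sensitivePage ? t == Tier.AUTHENTICATED : t != Tier.ANONYMOUS;
    }

    public static void main(String[] args) {
        SimpleAccountRealm realm = new SimpleAccountRealm("demoRealm");
        realm.addAccount("alice", "constructed-password"); // constructed sample account
        DefaultSecurityManager sm = new DefaultSecurityManager(realm);

        Subject anonymous = new Subject.Builder(sm).buildSubject();

        // Same state Shiro gives a subject rebuilt from a rememberMe cookie:
        // principals present, authenticated flag false.
        Subject remembered = new Subject.Builder(sm)
                .principals(new SimplePrincipalCollection("alice", "demoRealm"))
                .authenticated(false)
                .buildSubject();

        Subject loggedIn = new Subject.Builder(sm).buildSubject();
        loggedIn.login(new UsernamePasswordToken("alice", "constructed-password"));

        for (Subject s : new Subject[] { anonymous, remembered, loggedIn }) {
            System.out.printf("%-13s principal=%-5s ordinary=%-5b sensitive=%b%n",
                    tierOf(s), s.getPrincipal(), mayView(s, false), mayView(s, true));
        }
    }
}
```

In a Shiro web configuration the same split appears as the `user` filter (remembered or authenticated) versus the `authc` filter (authenticated only), and as `@RequiresUser` versus `@RequiresAuthentication` on annotated code.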