I have a quick question about the authentication mechanism itself. How does securesocial manages the login cookie? I have a little problem when I change code in my system and I have been logged in before the code change then I will be logged out and I need to login again. This is true for development. For production we use a cluster system which has 2 machines if i start a request on one machine and the next request is on the other machine then I will be logged out every single time. Does anyone has an idea what this could be or better why this happens ?? we are using securesocial 0.2.2
Best regards Thomas
The module relies on an implementation of the UserService interface to save/find users that are authenticated. SecureSocial comes with a default implementation: DefaultUserService. However this is not suitable for a production environment because it stores everything in a HashMap in memory. This is why you get logged out when the app reloads on DEV mode or you are asked to log in again in a clustered environment.
You need to provide your own implementation of that class and store things in a DB or another backing store. Checkout the javadocs in UserService.
BTW, please upgrade to version 0.2.4. I fixed a bug that prevented some requests to be granted access when they should be redirected to the login page.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With