Menu
How can I get Spring Social to have a remember me function using facebook and twitter login that's similar to remember-me login using form based login in Spring Security?
I'm using Spring Social 1.0.0.RC2 and Spring Security 3.0.5.RELEASE.
Thanks
425
A more secure way to implement the remember me feature is to store a random token instead of a user id in both cookies and database server. When users access the web application, you match the cookies' tokens with those stored in the database. Also, you can check the token's expiration time.
Clicking the “Remember Me” box tells the browser to save a cookie so that if you close out the window for the site without signing out, the next time you go back, you will be signed back in automatically.
Remember me is a feature that allows a user to access into application without re-login. User's login session terminates after closing the browser and if user again access the application by opening browser, it prompts for login.
Use the “remember me” option to reduce how often you have to sign in with two-factor authentication (2FA) on the same web browser. It's safe to use on trusted computers, and lasts for 30 days.
I have an example app that has the code for this here:
https://github.com/sdouglass/spring-security-social
The way I did it was to call Spring Security's TokenBasedRememberMeServices.onLoginSuccess(HttpServletRequest, HttpServletResponse, Authentication) in my Spring Social SignInAdapter implementation.
https://github.com/sdouglass/spring-security-social/blob/master/src/main/java/org/springframework/social/security/social/web/SignInAdapterImpl.java
TokenBasedRememberMeServices JavaDoc
SignInAdapter JavaDoc
158
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
