问题
I have remember-me implemented in my spring boot app, as I can see cookie is created correctly after login, with proper expiration time etc. But this cookie doesnt survive app restart on my Tomcat server. Scenario is simple. User login with remember me and cookie is available in browser. Then we do app redeploy in Tomcat and now, when user refreshes the app in browser window, he is logged out and cookie is deleted from browser. Shouldn't the cookie survive this and allow automatic login even app restarts in Tomcat?
Here is a snippet from my SpringBoot security config.
app.logout().deleteCookies("nh_remember").logoutSuccessUrl("/").logoutUrl("/logout").permitAll().and().rememberMe().rememberMeCookieName("nh_remember").tokenValiditySeconds(1209600).key("xxxxxxxx")
回答1:
You have to persist the token between restarts of Tomcat. Check out the documentation: http://docs.spring.io/spring-security/site/docs/current/reference/html/remember-me.html
Specifically you need to setup a PersistentTokenBasedRememberMeServices which contains information about the database that you persist the tokens too.
来源:https://stackoverflow.com/questions/39116854/remember-me-cookie-deleted-after-app-restart-is-this-ok