应用程序重启后记住我的 cookie 被删除 - 这可以吗? [英] Remember-me cookie deleted after app restart - is this OK?
问题描述
我在我的 spring 启动应用程序中实现了记住我,因为我可以看到登录后正确创建了 cookie,具有适当的到期时间等.但是这个 cookie 在我的 Tomcat 服务器上重新启动应用程序后无法生存.场景很简单.使用记住我和cookie 的用户登录可在浏览器中使用.然后我们在 Tomcat 中重新部署应用程序,现在,当用户在浏览器窗口中刷新应用程序时,他会注销并从浏览器中删除 cookie.cookie 不应该在这个过程中幸存下来,即使应用程序在 Tomcat 中重新启动也允许自动登录吗?
I have remember-me implemented in my spring boot app, as I can see cookie is created correctly after login, with proper expiration time etc. But this cookie doesnt survive app restart on my Tomcat server. Scenario is simple. User login with remember me and cookie is available in browser. Then we do app redeploy in Tomcat and now, when user refreshes the app in browser window, he is logged out and cookie is deleted from browser. Shouldn't the cookie survive this and allow automatic login even app restarts in Tomcat?
这是我的 SpringBoot 安全配置的一个片段.
Here is a snippet from my SpringBoot security config.
app.logout().deleteCookies("nh_remember").logoutSuccessUrl("/").logoutUrl("/logout").permitAll().and().rememberMe().rememberMeCookieName("nh_remember").tokenValiditySeconds(1209600).key("xxxxxxxx")
推荐答案
您必须在 Tomcat 重新启动之间保留令牌.查看文档:http://docs.spring.io/spring-security/site/docs/current/reference/html/remember-me.html
You have to persist the token between restarts of Tomcat. Check out the documentation: http://docs.spring.io/spring-security/site/docs/current/reference/html/remember-me.html
具体来说,您需要设置一个 PersistentTokenBasedRememberMeServices,其中包含有关您保存令牌的数据库的信息.
Specifically you need to setup a PersistentTokenBasedRememberMeServices which contains information about the database that you persist the tokens too.
这篇关于应用程序重启后记住我的 cookie 被删除 - 这可以吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
