How to fix "Invalid remember-me token (Series/token) mismatch" Error?

Problem description

I use Spring Security persistent logins. I persist the remember me token in my database. Sometimes I get the following error:

| Error 2013-07-02 13:54:14,859 [http-nio-8080-exec-2] ERROR [/buddyis].[gsp]  -  
Servlet.service() for servlet [gsp] in context with path [/buddyis] threw exception
Message: Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.
Line | Method
->> 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|    615 | run       in java.util.concurrent.ThreadPoolExecutor$Worker
^    722 | run . . . in java.lang.Thread 

In my Config.groovy:

grails.plugins.springsecurity.logout.handlerNames = [
'rememberMeServices', 'securityContextLogoutHandler', 'mySecurityEventListener'
]
grails.plugins.springsecurity.rememberMe.cookieName = 'RememberMe'
grails.plugins.springsecurity.rememberMe.alwaysRemember = true
grails.plugins.springsecurity.rememberMe.tokenValiditySeconds = 31536000 // 365 days
grails.plugins.springsecurity.rememberMe.key = 'rememberMe'
grails.plugins.springsecurity.rememberMe.persistent = true
grails.plugins.springsecurity.rememberMe.persistentToken.domainClassName = 'mypackage.PersistentLogin'

How do I fix this error? What does it mean?

Recommended answer

I am having the same exception in my mobile web site. When the HTTP session of the user who has logged in with remember me expires and the user accesses the web site again, this issue occurs if there are multiple parallel (ajax) requests.

It happens because the first of the parallel requests will refresh the remember me token, and the token (which is invalidated) that all the other request(s) will have mismatches the persisted token.

So you don't have many options to fix this. One option is to not have parallel requests, but in today's mobile apps it is not really possible.

What I did is to have a /me request, which is the first thing I make upon launching/loading the web app, and after that I can do multiple parallel requests without worrying that I will hit this issue.
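
The race described in the answer, and the effect of sending one request first, as an added example that is not part of the original answer and is not Spring Security's code. It is a simplified model of series/token rotation; `Server`, `sendParallel`, `scenario`, the user `alice` and the counter-based token values are assumptions made for the illustration.

```javascript
// Simplified model of persistent remember-me rotation (not Spring Security's code).
let counter = 0;
const fresh = () => `v${++counter}`; // constructed stand-in for a secure random value

class Server {
  constructor() { this.tokens = new Map(); this.sessions = new Set(); }
  login(user) {
    const cookie = { series: fresh(), token: fresh() };
    this.tokens.set(cookie.series, { user, token: cookie.token });
    return cookie;
  }
  handle(cookies) {
    if (this.sessions.has(cookies.session)) return { status: 200 };
    const row = this.tokens.get(cookies.series);
    if (!row) return { status: 401, error: 'unknown series' };
    if (row.token !== cookies.token) {
      // Treated as cookie theft: every persisted token of that user is dropped.
      for (const [s, r] of this.tokens) if (r.user === row.user) this.tokens.delete(s);
      return { status: 401, error: 'Series/token mismatch' };
    }
    row.token = fresh(); // the token is rotated on every successful auto-login
    const session = fresh();
    this.sessions.add(session);
    return { status: 200, set: { session, token: row.token } };
  }
}

// Parallel requests all carry the cookies that were in the jar at send time.
function sendParallel(server, jar, n) {
  const snapshots = Array.from({ length: n }, () => ({ ...jar }));
  return snapshots.map((cookies) => {
    const res = server.handle(cookies);
    Object.assign(jar, res.set); // apply Set-Cookie when the response arrives
    return res.status;
  });
}

// Returning user whose HTTP session expired; only the remember-me cookie is left.
function scenario(warmUp) {
  const server = new Server();
  const jar = server.login('alice');
  const first = warmUp ? sendParallel(server, jar, 1) : []; // the single /me request
  const statuses = first.concat(sendParallel(server, jar, 3));
  return { statuses, tokensLeft: server.tokens.size };
}

console.log(scenario(false)); // parallel burst sent first
console.log(scenario(true));  // one /me request, then the burst
```

In this model the burst without a warm-up request also leaves the user with no persisted token, so the next visit after the session expires requires a full login.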
