remember-me | 易学教程

Database problems when allowing multiple browser persistent log ins

阅读更多关于 Database problems when allowing multiple browser persistent log ins

问题 I am trying to implement a 'remember me' system with cookies that will remember a user across browsers meaning that if a user logs into a website using browser A and checks 'remember me', and then logs into browser B using 'remember me', he will continue to be automatically logged in regardless of which browser he uses. (checking 'remember me' in browser B will not break his persistent login in browser A). To do this, I set up my database so that multiple keys can be stored alongside a user

How to administratively invalidate a session that used “Remember Me” option?

阅读更多关于 How to administratively invalidate a session that used “Remember Me” option?

问题 I'm using Symfony 2.1.6 and PdoSessionStorage. I'm trying to add the same functionality that Facebook has to my application where you can show a user all the active sessions they have with the website (showing device type and location based on IP) and allow them to end any session if it looks suspicious. Deleting the record from the PdoSessionStorage table doesn't work as the record is re-created automatically by Symfony again as soon as I perform activity again in that session (instead of

Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack

阅读更多关于 Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack

问题 org.springframework.security.web.authentication.rememberme.CookieTheftException: Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack. at org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices.processAutoLoginCookie(PersistentTokenBasedRememberMeServices.java:102) at org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.autoLogin(AbstractRememberMeServices.java:115) What I notice is

Difference between creating a session and a cookie?

阅读更多关于 Difference between creating a session and a cookie?

问题 I'm working on my first website with the Play! framework, and at one point I'm calling this method when the user logs in: static void connect(User user){ session.put("userid", user.id); } Simply storing the userid in a session, and I can check if it's set on each request, works fine. Problem is, once the browser is closed the cookie is lost, and the user needs to login again. I want to create a "remember me" option, and it seems that the only way to do that is create a cookie and send it with

How can I listen for “remember me” reauthentication events in Symfony2?

阅读更多关于 How can I listen for “remember me” reauthentication events in Symfony2?

问题 Using “normal” — not “remember me” authentication — I can set a success and failure handlers, adding this to the security.yml file: form_login: # ... success_handler: authentication_handler failure_handler: authentication_handler But I couldn't find a way for listening for “remember me” reauthentication, when a user's session is expired and a “remember me” cookie is used to reauthenticate again. Any ideas on how can I achieve this? 回答1: Create a Listener for the security.interactive_login

ldap.rememberMe.usernameMapper.userDnBase (multiple instances of?) (searchSubtree search capability)

阅读更多关于 ldap.rememberMe.usernameMapper.userDnBase (multiple instances of?) (searchSubtree search capability)

I have a Grails application that is successfully using the latest spring-security-core:2.0-RC4 and spring-security-ldap:2.0-RC2 . Users can login perfectly using grails.plugin.springsecurity.ldap.search.base setting for LDAP login authentication. There is a different setting for the rememberMe userDnBase (mapper) and that setting is: grails.plugin.springsecurity.ldap.rememberMe.usernameMapper.userDnBase The LDAP authentication grails.plugin.springsecurity.ldap.search.base is set to ou=people,dc=sitcudy,dc=edu . As mentioned above - the logins work fine because there is a property called

symfony 3.3 programmatically login a user with remember me feature

阅读更多关于 symfony 3.3 programmatically login a user with remember me feature

问题 I want to login a user after registration successfully. Currently the solution I found online is login a user in a session basis. But I need the "remember me" feature. My research lead me to the Symfony\Component\Security\Http\RememberMe\TokenBasedRememberMeServices and its function onLoginSuccess But I'm out of luck and end up with circular reference detected for service. Also the onLoginSuccess is protected function. I assume I can duplicate those functions in my own function where

Prevent session cookie hijacking WITHOUT SSL

阅读更多关于 Prevent session cookie hijacking WITHOUT SSL

问题 To prevent session hijacking, i tried to assign a specific cookie name to each user based on these variables: User-agent and IP Address . I have used following function to generate session cookie name which holds session ID . static function getSessionName(){ $id= @md5(base64_encode(self::$secretToken.$_SERVER["HTTP_USER_AGENT"].$_SERVER["REMOTE_ADDR"])); while(is_numeric($id{0})){ $id = substr($id, 1).$id{0}; } return $id; } It means that every user which visits my website, will have a

How to change Grails Spring Security Cookie Path

阅读更多关于 How to change Grails Spring Security Cookie Path

I've got two grails applications using spring security: Core Module (user and role tables mapping to Core db tables) I want to have a single sign on functionality using "remember me". The problem is that the cookies are stored in different paths "/Core" and "/Module" which I'm guessing is the reason why it isn't working. Does anyone know how to change the cookie path to be "/"? Notes : Do I need to make a change in Spring Security or the Tomcat server configuration (using intellij) I want to avoid setting up a CAS server if possible I'm looking into plugins as an alternative Thanks any help

Implement a “Remember me” CheckBox in windows application?

阅读更多关于 Implement a “Remember me” CheckBox in windows application?

Hello I am creating a Windows application (WPF) that is going to be running in few stations accessing 1 database. I already implemented a login form with a login system thru My.User.CurrentPrincipal . Now, I want to implement a "Remember me on this computer" check box in the login form, where should I store the value? Should it be a cookie? a .settings value? or what good other suggestion do you have. Update Also what data (i.e. what value) shoud I store, I want it to be secure, that users should not be able to copy the values etc. Thanks in advance! I think you would probably want to store in