How to fix “Invalid remember-me token (Series/token) mismatch” Error?

断了今生、忘了曾经 提交于 2021-02-07 09:18:13

问题


I use Spring Security persistent logins. I persist the remember me token in my database. Sometimes I get the following error:

| Error 2013-07-02 13:54:14,859 [http-nio-8080-exec-2] ERROR [/buddyis].[gsp]  -  
Servlet.service() for servlet [gsp] in context with path [/buddyis] threw exception
Message: Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.
Line | Method
->> 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|    615 | run       in java.util.concurrent.ThreadPoolExecutor$Worker
^    722 | run . . . in java.lang.Thread 

In my Config.groovy:

grails.plugins.springsecurity.logout.handlerNames = [
'rememberMeServices', 'securityContextLogoutHandler', 'mySecurityEventListener'
]
grails.plugins.springsecurity.rememberMe.cookieName = 'RememberMe'
grails.plugins.springsecurity.rememberMe.alwaysRemember = true
grails.plugins.springsecurity.rememberMe.tokenValiditySeconds = 31536000 // 365 days
grails.plugins.springsecurity.rememberMe.key = 'rememberMe'
grails.plugins.springsecurity.rememberMe.persistent = true
grails.plugins.springsecurity.rememberMe.persistentToken.domainClassName = 'mypackage.PersistentLogin'

How do I fix this error? What does it mean?


回答1:


I am having the same exception in my mobile web site. When the http session of the user who has logged in with remember me expires and when the user access the web site again, if there are multiple parallel (ajax) requests this issue occurs.

It happens because the first of the parallel requests will refresh the remember me token and the token (which is invalidated) all the other request(s) will have mismatch the persisted token.

So you don't have many options to fix this, an option is to not have parallel requests, but in toady's mobile apps it is not much possible.

What i did is to have /me requests which is the first thing i make upon launching/loading the web app and after that i can do multiple parallel requests without worrying that i will hit this issue.



来源:https://stackoverflow.com/questions/17425275/how-to-fix-invalid-remember-me-token-series-token-mismatch-error

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!