0

I logged in my site. Cookie created correctly.

I see JSESSIONID and SPRING_SECURITY_REMEMBER_ME_COOKIE (at this moment Its name is testMecook). It's ok

Then, I close my browser, then open it. And SPRING_SECURITY_REMEMBER_ME_COOKIE field removed. Why?

My config spring security is

<http pattern="/resources" security="none" />

<http use-expressions="true" disable-url-rewriting="true">
    <intercept-url pattern="/" access="permitAll"/>

    <form-login login-page="/users/login"
                authentication-failure-url="/users/loginfail"
                default-target-url="/"/>

    <access-denied-handler error-page="/users/denied"/>

    <logout logout-success-url="/" delete-cookies="JSESSIONID, testMecook"/>

    <remember-me key="TestCOOK" services-ref="rememberMeService"/>

    <anonymous/>
</http>

<authentication-manager erase-credentials="false">
    <authentication-provider ref="authenticationProvider"/>
</authentication-manager>

<beans:bean id="rememberMeService"
            class="org.xxx.security.CustomRememberMeService">
    <beans:property name="key" value="TestCOOK"/>
    <beans:property name="userDetailsService" ref="customUserDetailsService"/>
    <beans:property name="cookieName" value="testMecook"/>
</beans:bean>

<beans:bean id="authenticationProvider"
            class="org.xxx.security.provider.UserAuthenticationProvider"/>

<beans:bean id="customUserDetailsService"
            class="org.xxx.security.provider.UserDetailsServiceImpl"/>
Kirill Muchow
  • 103
  • 1
  • 1
  • 12

1 Answers1

0

I think your config looks normal. It's probably your browser that deletes cookies after closing it. Check the related settings in your browser, and make sure it doesn't clear cookies on exit.

zagyi
  • 17,223
  • 4
  • 51
  • 48
  • See [this support article](http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences) on how to fix this in Firefox. – zagyi Mar 18 '13 at 14:55