
When logging in to WSO2 Identity Server using the SOAP AuthenticationAdmin, I can choose to use the 'loginWithRememberMeOption'. When using this option, the Identity Server will provide a 'RememberMeDataValue'. For instance:

admin-26d5de4f-c243-4141-acbf-2513f99174cd

I can use this value in the 'loginWithRememberMeCookie', which will tell me 'true' if the value was indeed generated.

However, as I understand it, a more common way to 'remember' a user is by using the session cookie. In this case, it is also supplied in the response of the Identity Server.

Set-Cookie: JSESSIONID=94784CC9FC03E9FA3822CFDDAD0D36F6; Path=/; Secure; HttpOnly

What is the difference between these two values?

JimRoy

1 Answer


The JSESSIONID cookie will only be valid for a particular session and it will be invalid when the session times out.

However, when you are using the remember me option, you can log in with the remember me cookie even if the initial session has timed out.

Isuru Perera
  • Thanks Isuru, that clears it up. However, when a user is logged in with the 'remember me option', how does he log out? I tried this by 'logging out' the JSESSIONID that came with the 'remember me cookie'. Then I tried the 'loginWithRememberMeCookie' service. Instead of the expected false, being that the user had indeed logged out, he was still logged in. – JimRoy Jun 27 '13 at 08:41
  • When you call the logout operation, the session is invalidated in the server. So, the JSESSIONID is invalid and you will no longer be able to communicate with the server. When you log in with 'loginWithRememberMeCookie', you are passing the "RememberMe" cookie. That cookie value is valid and you will be logged in. I hope this helps! – Isuru Perera Jun 27 '13 at 13:19
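
The behaviour described in the answer and comments above, as an added toy model that is not part of the original posts and is not WSO2 code: the session id and the remember-me value live in separate server-side stores, so a session-only logout leaves the remember-me value usable. The class, its method names and the `revoke_remember_me` flag are hypothetical, and the flag shows one possible hardening, not a documented Identity Server option.

```python
import secrets
import uuid


class AuthServer:
    """Toy model, not WSO2 code: one store per credential type."""

    def __init__(self, session_timeout=900):
        self.session_timeout = session_timeout
        self.sessions = {}  # session id -> (user, expiry time in seconds)
        self.remember = {}  # remember-me value -> user

    def login_with_remember_me(self, user, now):
        sid = secrets.token_hex(16).upper()
        self.sessions[sid] = (user, now + self.session_timeout)
        value = f"{user}-{uuid.uuid4()}"  # same shape as the value in the question
        self.remember[value] = user
        return sid, value

    def session_valid(self, sid, now):
        entry = self.sessions.get(sid)
        return entry is not None and now < entry[1]

    def login_with_cookie(self, value):
        # True while the value is stored server-side; session state is not consulted.
        return value in self.remember

    def logout(self, sid, revoke_remember_me=False):
        user, _ = self.sessions.pop(sid, (None, 0))
        if revoke_remember_me and user is not None:
            # Hypothetical hardening: drop every remember-me value of this user.
            self.remember = {v: u for v, u in self.remember.items() if u != user}


def demo():
    srv = AuthServer()
    sid, value = srv.login_with_remember_me("admin", now=0)
    srv.logout(sid)  # session-only logout, as in the comments
    plain = (srv.session_valid(sid, 1), srv.login_with_cookie(value))
    sid2, value2 = srv.login_with_remember_me("admin", now=2)
    srv.logout(sid2, revoke_remember_me=True)
    revoked = (srv.session_valid(sid2, 3), srv.login_with_cookie(value2))
    return plain, revoked


if __name__ == "__main__":
    print(demo())
```

In this model the remember-me value is a long-lived credential with its own lifetime, so it needs its own revocation path separate from session invalidation.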