Hi there.
I've recently struggled with a problem with the "remember me" service. I use
TokenBasedRememberMeService to enable autologin. However, I've found out that I
can't log out even when invalidating the HttpSession and sending the terminate
cookie.
Here's the code (approximately).

    public String logout() {
        final FacesContext context = FacesContext.getCurrentInstance();
        SecurityContextHolder.clearContext();
        if (context != null) {
            final Object responseDraft = context.getExternalContext().getResponse();
            if (responseDraft instanceof HttpServletResponse) {
                final HttpServletResponse response = (HttpServletResponse) responseDraft;
                // Terminate cookie: empty value, max age 0. No path is set here.
                final Cookie terminate = new Cookie(ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, "");
                terminate.setMaxAge(0);
                response.addCookie(terminate);
            }
            // Invalidate the existing session, if there is one.
            final Object sessionDraft = context.getExternalContext().getSession(false);
            if (sessionDraft instanceof HttpSession) {
                final HttpSession session = (HttpSession) sessionDraft;
                session.invalidate();
            }
        }
        return Navigations.START;
    }

The cookie could not be reset. When I tried simply setting a different value
and a valid max age, the browser (Mozilla) sent back _two_
ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE cookies, one with the old value, one
with the new.
Finally, it appeared that the browser also considers the path when storing/managing
cookies. And, when the path is not set, it takes the "actual" path. So I finally got
two cookies with the same name and different paths (say, /login set from
/login/login.html and / set from /login/logout.html).
I've implemented a subclass of TokenBasedRememberMeService to set a default path
("/") and used the same path when logging out. This works fine, but I think
that it's all a bit strange. I don't assume it's a bug in ACEGI, but maybe I'm
doing something wrong?
Bye.
/lexi
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
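
The behaviour described in the message above, as an added example that is not part of the original post or of Acegi: a minimal model of a browser cookie store keyed by name and path, with the default path computed as in RFC 6265 section 5.1.4, showing why a terminate cookie sent without a matching path leaves the remember-me token in place. The class name, request URLs and token value are constructed for illustration, and the domain component of the key is omitted.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class CookiePathDemo {
    // Browser-side store: one slot per (name, path). Domain is left out for brevity.
    static final Map<String, String> jar = new LinkedHashMap<>();

    // RFC 6265 section 5.1.4: path used when Set-Cookie carries no Path attribute.
    static String defaultPath(String requestPath) {
        if (requestPath == null || !requestPath.startsWith("/")) {
            return "/";
        }
        int lastSlash = requestPath.lastIndexOf('/');
        return lastSlash == 0 ? "/" : requestPath.substring(0, lastSlash);
    }

    // Apply a Set-Cookie received in the response to requestPath.
    // path == null means the server sent no Path attribute.
    static void setCookie(String requestPath, String name, String value,
                          String path, int maxAge) {
        String effectivePath = (path != null) ? path : defaultPath(requestPath);
        String key = name + ";path=" + effectivePath;
        if (maxAge == 0) {
            jar.remove(key); // expires only the entry with the same name AND path
        } else {
            jar.put(key, value);
        }
    }

    public static void main(String[] args) {
        String name = "ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE";

        // Constructed scenario 1: neither response sets a path.
        setCookie("/login/login.html", name, "constructed-token", null, 3600);
        setCookie("/logout.html", name, "", null, 0);
        System.out.println("no path set:      " + jar.keySet());

        // Constructed scenario 2: login and logout both use path "/".
        jar.clear();
        setCookie("/login/login.html", name, "constructed-token", "/", 3600);
        setCookie("/logout.html", name, "", "/", 0);
        System.out.println("path \"/\" on both: " + jar.keySet());
    }
}
```

In the first scenario the token stored under /login survives the logout response, so the user is logged back in automatically; in the second the store ends up empty.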