zhuxindong commented on issue #1493: URL: https://github.com/apache/shiro/issues/1493#issuecomment-2127166589
Yeah, i know the rememberMe function is disabled by default. But even though the rememberMe function is disabled, Shiro can still receive the parameter "rememberMe" in cookie, in this case,if I lose my key, the hacker can use the key to make a RCE vulnerability. So what I want to find a way to ban the "rememberMe". Fortunately, I found it in https://issues.apache.org/jira/browse/CAUSEWAY-1256 :  which is equal to `securityManager.setRememberMeManager(null);` Thank you very much -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
