In my Shirofied app and indeed also the QuickStart app, the RememberMe functionality is not working as expected (i.e. possibly a bug).
Try logging in with, for example, root in the quickstart app and tick the remember-me box. It'll say Hi Root! on the homepage, and you can visit the account page. Great.

Now, restart the server (jetty or whatever) and try to access that same account page again. You will be directed to the login.jsp page. That can't be right? The app should remember the user and let them in to the secure account area.

The cookie is read just fine however, as can be seen if you go to the home page. See, it says Hi root! on the page, which proves that <shiro:user><shiro:principal/></shiro:user> is used.

My own app prints the following debug messages:

16:16:42.023 [17243...@qtp-21323983-0] DEBUG o.a.shiro.web.servlet.SimpleCookie - Found string value [longStringHere] from Cookie [rememberMe]
16:16:42.352 [17243...@qtp-21323983-0] DEBUG o.a.shiro.mgt.DefaultSecurityManager - Found remembered PrincipalCollection. Adding to the context to be used for subject construction by the SubjectFactory.
16:16:42.357 [17243...@qtp-21323983-0] DEBUG o.a.shiro.mgt.DefaultSecurityManager - Created session with id mkv7y3m6rwunxjvln6pr99qg to retain discovered principals bhj

Still, just like the quickstart app, Shiro won't let the user into the authc protected area without logging in again.

--
View this message in context: http://shiro-user.582556.n2.nabble.com/RememberMe-not-granting-access-to-secure-area-tp5502220p5502220.html
Sent from the Shiro User mailing list archive at Nabble.com.
