Thanks for the reply. I understand the design decision now. It was made quite clear with the Amazon.com example. But there are web applications where it makes more sense to authenticate users simply based on the cookie (like the intranet site I am working on now).
>From what I can see there is no simple parameter to change this behavior. How would I best go about making it? Would you recommend extending FormAuthenticationFilter to issue a issueSuccessRedirect when user is remembered? Or is extending the PassThruAuthenticationFilter the way to go. And then setting authc = MyFilterThatExtendsAnother in ini file? -- View this message in context: http://shiro-user.582556.n2.nabble.com/RememberMe-not-granting-access-to-secure-area-tp5502220p5509388.html Sent from the Shiro User mailing list archive at Nabble.com.
