I think it is a good use case, but I think we may not be on the same page yet.
Unless I'm mistaken, the ID that Janne was talking about was a single user or account id in his own application. That corresponded to one principal in one realm only. I don't believe he was creating an ID that was a pointer to the PrincipalCollection instance, for example.

So the question is: how do you efficiently represent a user's rememberMe identity when that identity could span multiple realms, or where there might be multiple principals, or a combination thereof?

Are you implying that we create a RememberMeDAO to save the PrincipalCollection instance to a datastore (which will probably be fronted transparently with a cache) and send out the record's ID only in the cookie? That sounds like an extremely complicated solution since you'd have to come up with a purging strategy to handle orphan records - it's almost like solving the Session problem over again.

My personal opinion is that I'd want to figure out a way to make the serialization output size more compact before going down that road. (It's something that should be done even if a DAO was used too.)

Regards,

Les
