Do they really need to be authenticated or remembered is good enough? It seems you're not really taking advantage of the remember me feature so far.
As explained here: http://grails.1312388.n4.nabble.com/grails-shiro-plugin-remember-me-does-not-work-as-I-expect-td1340662.html ...to avoid forcing authentication (and accepting the remembered user actions), add "auth: false" as an argument to the accessControl call: accessControl(auth: false) -- View this message in context: http://shiro-user.582556.n2.nabble.com/Customising-rememberMe-functionality-to-auto-authenticate-tp7580403p7580423.html Sent from the Shiro User mailing list archive at Nabble.com.
