Lenny and Kalle, thank you for your responses.
On Tue, Feb 25, 2014 at 10:26 PM, Kalle Korhonen <kalle.o.korho...@gmail.com> wrote:

> Shiro makes a strong separation between remembered and authenticated use
> cases. It depends on your security settings whether you want to allow
> remembered only users.

How should the security settings be set to allow RememberMe functionality?

> The built-in Shiro rememberMe cookie is not
> secure. I've written about the topic several times. RollingTokenRealm (at
> the end of http://tynamo.org/tynamo-federatedaccounts+guide) was born out
> of the need to support a (more) secure rememberMe use case. (And to Lenny,
> no, productionMode does not affect this functionality in any way).

You're right - I tried running the application in production mode but the effect is the same - no cookie is created in either case. I'm aware of the fact that the rememberMe cookie is not secure. Also, we're using Hibernate - as I see RollingTokenRealm currently only supports JPA.

> Are you sure the cookie isn't created or it just doesn't work the way you
> expected? I.e. user is not logged in.

No, the cookie isn't created. The user logs in successfully into our web application, but there is no "rememberMe" cookie. I tried different browsers (Firefox, Chrome, IE) and platforms (Linux / Windows).

Regards,
Lidija