属性jsessionid删除cookie

时间:2013-03-18 13:45:41

标签: spring security remember-me

我登录了我的网站。 Cookie正确创建。

我看到了JSESSIONID和SPRING_SECURITY_REMEMBER_ME_COOKIE(此时它的名字是testMecook)。没关系

然后,我关闭浏览器,然后打开它。并删除了SPRING_SECURITY_REMEMBER_ME_COOKIE字段。为什么呢?

我的配置弹簧安全性

<http pattern="/resources" security="none" />

<http use-expressions="true" disable-url-rewriting="true">
    <intercept-url pattern="/" access="permitAll"/>

    <form-login login-page="/users/login"
                authentication-failure-url="/users/loginfail"
                default-target-url="/"/>

    <access-denied-handler error-page="/users/denied"/>

    <logout logout-success-url="/" delete-cookies="JSESSIONID, testMecook"/>

    <remember-me key="TestCOOK" services-ref="rememberMeService"/>

    <anonymous/>
</http>

<authentication-manager erase-credentials="false">
    <authentication-provider ref="authenticationProvider"/>
</authentication-manager>

<beans:bean id="rememberMeService"
            class="org.xxx.security.CustomRememberMeService">
    <beans:property name="key" value="TestCOOK"/>
    <beans:property name="userDetailsService" ref="customUserDetailsService"/>
    <beans:property name="cookieName" value="testMecook"/>
</beans:bean>

<beans:bean id="authenticationProvider"
            class="org.xxx.security.provider.UserAuthenticationProvider"/>

<beans:bean id="customUserDetailsService"
            class="org.xxx.security.provider.UserDetailsServiceImpl"/>

1 个答案:

答案 0 :(得分:0)

我认为您的配置看起来很正常。关闭它后,可能是您的浏览器删除了cookie。检查浏览器中的相关设置,确保在退出时不清除cookie。