Persistent Token Approach

This approach is based on the article http://jaspan.com/improved_persistent_login_cookie_best_practice with some minor modifications [3]. To use this approach with namespace configuration, you would supply a datasource reference:

  <http>
    ...
    <remember-me data-source-ref="someDataSource"/>
  </http>
  
            

The database should contain a persistent_logins table, created using the following SQL (or equivalent):

    create table persistent_logins (
        username varchar(64) not null,
        series varchar(64) primary key,
        token varchar(64) not null,
        last_used timestamp not null
    )



[3] Essentially, the username is not included in the cookie, to prevent exposing a valid login name unnecessarily. There is a discussion on this in the comments section of this article.