Table of Contents
Remember-me or persistent-login authentication refers to web sites being able to remember the identity of a principal between sessions. This is typically accomplished by sending a cookie to the browser, with the cookie being detected during future sessions and causing automated login to take place. Spring Security provides the necessary hooks for these operations to take place, and has two concrete remember-me implementations. One uses hashing to preserve the security of cookie-based tokens and the other uses a database or other persistent storage mechanism to store the generated tokens.
Note that both implemementations require a UserDetailsService
.
If you are using an authentication provider which doesn't use a UserDetailsService
(for example, the LDAP provider) then it won't work unless you also have a UserDetailsService
bean in your application context.