Re-authenticate remember-me users

Brought to you by: chris_schultz, maxcooper

Re-authenticate remember-me users

Forum: Help

Creator: Warner Godfrey

Created: 2006-11-03

Updated: 2013-04-15

Warner Godfrey - 2006-11-03

I would like to re-authenticate users authenticated using a remember-me cookie. The behaviour I am looking for is similar to the SourceForge login where you can auto-login using a remember-me cookie but if you attempt to edit your user details you are prompted to re-enter your username/password.

I am not sure if this is possible using SecurityFilter as I haven't seen any examples or discussions on this topic. Does SecurityFilter support this behaviour?

Regards,
Warner

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Torgeir Veimo - 2006-11-06
  
  I'd suggest you have a session variable set if the user has authenticated a second time. As for doing the second time authentication, I'd suggest doing it without using securityfilter. You can either enforce the second time authentication using a servlet filter which checks for the presence of the defined session attribute, or just have the edit action code check it.
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.