I have my Spring MVC & Spring Security up and running as suggested by Spring's own reference application "petclinic". Everything's fine except that the login does not persist a browser restart.
What has to be considered to make sure a logged in user does not need to relogin after browser restart?
On a browser restart, user sessions aren't maintained. So, you login informations doesn't survive a browser restart because they are stored in session.
To set up a login that survives browser restarts, you need to implement a cookie based authentication, also known as "Remember me" in Spring security.
To set up "Remember me" using Spring security, I suggest you the following article. You can also check out Spring documentation on the subject.