What's the best practice to implement sign in "Remember Me" feature in Java?
Obviously, storing cookies with username and password in user's browser is not secure enough. Create authentication token in cookies and db instead? Any simple examples?
+4
A:
Take a look at the Spring Security framework. You can achieve this scenario with a few lines of configuration.
Kees de Kooter
2009-05-08 19:42:07
I agree, Spring is worth considering, but what I am looking for is design pattern and Java implementation using J2EE.
Artemij
2009-05-08 19:48:08
He didn't suggest Spring, just Spring Security. You don't need to use one to use the other.
CoverosGene
2009-05-08 19:56:11
"what I am looking for is design pattern and Java implementation using J2EE" ... eh? Is Spring not "J2EE" enough? I feel like "J2EE" is such a meaningless term
matt b
2009-05-08 20:04:40
A:
I'll second the suggestion of using Spring Security. It comes with a couple of different implementations for managing the token stored in the cookie on the users's browser.
http://static.springframework.org/spring-security/site/reference/html/remember-me.html
David
2009-05-08 19:48:14