Cookie « Security « Spring Q&A





1. Spring authentication, does it use encrypted cookies?    stackoverflow.com

Does the Spring Framework use (or in one of the options that it supports) encrypted cookies that store the logged in users userId in a cookie? This is how ASP.NET ...

2. Spring Security cookies after user logs in and Session Hijacking    stackoverflow.com

As far as I understand, when the user logs in Spring Security invalidate the Session and creates a new one.
So if I come from http with a clear sessionID cookie ...

3. API User Session Spring    stackoverflow.com

I am developing an API via web services in Spring MVC. The user must authenticate, and a cookie set in the client browser. Now this API won't be on ...

4. Using Spring Security 3 with cookies    stackoverflow.com

I have an application that is built in Java that requires authorization. However, the authentication piece is handled by a different/separate application (not in Java). The user logs in to the ...

5. How to create a new cookie for new logged user inSpring Security    stackoverflow.com

Im usign spring security 3.0 with Spring MVC. My Java Web application is a Shopping cart. Im using a Service that store a shopping list in session, When User A create ...

6. Using Spring Security Without Cookies    stackoverflow.com

I need to implement session management in a Spring app for a mobile browser that doesn't support cookies. Can this be done by putting the session id in the querystring ...

7. Setting Spring security session expiration by age rather than inactivity    stackoverflow.com

I'm trying to configure the expiration of Spring sessions for my web app. I've confirmed that the following lines in web.xml work:

  <session-config>
    <session-timeout>[# of minutes]</session-timeout>
 ...

8. Spring Security - possible to restore a lost session?    stackoverflow.com

I'm storing the user's unsaved changes as session attributes. This way, if the browser is closed accidentally no data will be lost. However, in some cases this won't help: computer shutting ...

9. Cookie problem when using spring security 2.0.1    forum.springsource.org

Cookie problem when using spring security 2.0.1 Hi all, i want to auto login by cookie, and i got my config like this: Code: CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON ...





10. session seems to expire, but user with cookie can still remain logged in    forum.springsource.org

Apr 7th, 2011, 11:06 AM #1 jeeper View Profile View Forum Posts Private Message Senior Member Join Date May 2010 Posts 317 session seems to expire, but user with cookie can ...

11. Sessionless: auth cookies disappear after Spring Security authentication completes    forum.springsource.org

Sessionless: auth cookies disappear after Spring Security authentication completes Summary: We're using a sessionless 3.0.5 configuration whereby the auth token, user ID, and security context are stored in 3 cookies. By ...

12. Custom Authentication Provider + Cookies    forum.springsource.org

Hi! I am developing a web spring application using Spring 3.1. The authentication in itself is done outside Spring via an old Cookie cgi code. This CGI is called via a ...

13. Spring Security for stateless webapps with cookie    forum.springsource.org

I need to use cookies instead of httpsession with spring security, that is for using cookies for stateless authentication. I have implemented a cookie based SecurityContextRepository. But I have some issues. ...

14. Using Acegi Security without cookies    forum.springsource.org

We are deploying our app at a customer site that do not support cookies. Their browser's are configured not to send the cookie and also their proxy servers rip out cookies ...

15. Implement transient cookie with Acegi    forum.springsource.org

Implement transient cookie with Acegi I am interesting in implementing a transient cookie for Acegi RememberMe service. I would like the cookie to be removed on logoff or exiting the browser. ...

16. How to authenticate ONLY ONCE and without cookies?    forum.springsource.org

When disabling the browser cookie support, acegi (1.06) requires me to authenticate every time I access a secured page, even when I pass the jsessionid by GET. Is this the right ...





17. Acegi not passing all cookies    forum.springsource.org

Acegi not passing all cookies I'm using Acegi 1.0.3 (and I'm stuck on this version because it comes from another party). I'm trying to get to cookies set by OpenSSO, however ...

18. Setting a cookie value after authentication    forum.springsource.org

Setting a cookie value after authentication I'm not sure if this belongs here or not, but I am using Spring MVC & Spring Security using form based authentication and was wondering ...

19. Access cookie from HttpInvokerServiceExporter    forum.springsource.org

Access cookie from HttpInvokerServiceExporter This is probably very simple as I haven't seen it discussed anywhere but I'm curious how to access cookies from inside a HttpInvokerServiceExporter bean. I have the ...

20. Setting a cookie after successful authentication    forum.springsource.org

Hello forum, I searched around this forum and didn't found a solution for my problem. I want to set a cookie just after a successful authentication. I played around with AuthenticationProvider ...

21. Custom authentication and cookie handling...    forum.springsource.org

Custom authentication and cookie handling... Hi there I'm facing some problems. Being pretty new at Spring in general and Spring Security in particular, I've spent a great amount of time on ...

22. Pre-authenticate with Cookie    forum.springsource.org

Pre-authenticate with Cookie Hello All, I've reviewed many of the forum posts on using the pre-authentication, but I just can't seem to wrap my head around it. I've read the security ...

23. Using Spring Security without cookies?    forum.springsource.org

24. Authentication using cookies    forum.springsource.org

Authentication using cookies Hi, I am working on a application that uses spring security for handling authentication. The application will be clustered and will not be using HTTP sessions. Instead the ...

25. Creating a cookie on authentication success    forum.springsource.org

Creating a cookie on authentication success Hi, I need to create a custom cookie on authentication success in order to communicate the logged in username with the static portion of our ...

26. Spring Security custom cookie implementation    forum.springsource.org

I want to set a custom cookie (custom encryption, path ,expiry etc) as part of the authentication process which i want to pass along to another application deployed on the same ...

27. Spring Security cookies after user log in and Session Hijacking    forum.springsource.org

Spring Security cookies after user log in and Session Hijacking As far as I understand, when the user logs in Spring Security invalidate the Session and creates a new one. So ...