Foreword
This chapter explain Shiro Remember my function
method
1. Concept
First, to clarify that it is, and here I remember not remember the user name and password .
shiro Remember me cookie-based approach is a realization of a particular page can be accessed after turning off the function browser (session disappear)!
2. The implementation steps
1) Log in Front page modification
If you need to remember my function, then the front page need a checkbox checkbox to allow users to check.
I will not be explained here. Kazakhstan does not matter a bit ugly.
2) controller logon method to modify
3) modify the configuration file shiro
<!-- 配置Shiro的SecurityManager -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="userRealm"/>
<property name="cacheManager" ref="cacheManager"/>
<property name="sessionManager" ref="sessionManager"/>
<property name="rememberMeManager" ref="rememberMeManager"/>
</bean>
<!-- rememberMeCookie -->
<bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<constructor-arg value="rememberMe"/>
<property name="httpOnly" value="true"/>
<property name="maxAge" value="2592000"/><!-- 30天 -->
</bean>
<!-- rememberMe管理器 -->
<bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
<property name="cookie" ref="rememberMeCookie"/>
</bean>
Here the main configuration of the validity of the existence of the cookie, I set here for 30 days.
4) the need to remember my visit Page path join filter
Student.jsp page shown above needs can also be accessed after the browser is closed, then we check at login Remember me on ok!
Note: During the verification process, I realized that IE can not verify it, I am not very clear why? ,, Here we use chrome verify:
Log in, find relevant cookie:
We can see that the success of the emergence of our cookie, and is valid for one month!
We exit the browser continue to access student.jsp:
We find that it is still accessible.