Author | Message |
---|---|
jonathankroening
Posts: 39
|
Posted 16:22 Feb 28, 2015 |
It would seem that Spring Security "remembers" the user that last logged in, unless a logout happens. Such as: after a crash, or after the server is stopped. The next time the app is run on server it won't intercept to the spring security login. It just remembers the last user. Any help on this behavior? Thanks. |
cysun
Posts: 2935
|
Posted 17:10 Feb 28, 2015 |
Just like everything else, Spring Security uses session/cookie to determine if a user has already logged in. When a Tomcat server is stopped, it tries to save session data, which will be loaded when the server starts again. If you don't close your browser (i.e. keep the cookie), when the server starts again, you can access the webapp without re-login because the browser and the server can re-establish the session. This behavior is the same with or without Spring Security. |