Uploaded image for project: 'JCommune'
  1. JCommune
  2. JC-1743

Remember me doesn't work for some people

VotersWatchers
    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.4 Larks
    • Fix Version/s: 2.8 Larks
    • Labels:
      None
    • Sprint:
      2.5 Larks, 2.6 Larks, 2.8 Larks

      Description

      I get redirected to login page if my session expired:

      2014-01-18 08:14:11 [DEBUG][http-8080-14    ][][org.jtalks.jcommune.web.rememberme.RememberMeServices] - Refreshing persistent login token for user 'Староверъ', series 'pgC9QXNyn
      5dZSfIhjlDc9A=='
      2014-01-18 08:14:11 [DEBUG][http-8080-14    ][][org.jtalks.jcommune.web.rememberme.RememberMeServices] - Remember-me cookie accepted
      2014-01-18 08:14:11 [ERROR][http-8080-15    ][][org.jtalks.jcommune.web.rememberme.RememberMeCheckService] - Староверъ presented token oTuxTvOvf/MRP2CGWlcSvw== of series pgC9QXNy
      n5dZSfIhjlDc9A== isn't equal for persistent token Yc4p9cr6zyEcXFJekWWkrQ==
      2014-01-18 08:14:11 [DEBUG][http-8080-15    ][][org.jtalks.jcommune.web.rememberme.RememberMeServices] - Remember-me cookie detected
      2014-01-18 08:14:11 [DEBUG][http-8080-15    ][][org.jtalks.jcommune.web.rememberme.RememberMeServices] - Cancelling cookie
      2014-01-18 08:14:11 [ERROR][http-8080-15    ][][rg.jtalks.jcommune.web.controller.ExceptionHandlerController] - RememberMe exception:
      org.springframework.security.web.authentication.rememberme.CookieTheftException: Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.
              at org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices.processAutoLoginCookie(PersistentTokenBasedRememberMeServices.java:90
      )
              at org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.autoLogin(AbstractRememberMeServices.java:91)
              at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:77)
              at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
              at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
              at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
              at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
              at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
              at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177)
              at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
              at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
              at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
              at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
              at org.jtalks.jcommune.web.filters.UsernamePasswordAuthenticationFilter.doFilter(UsernamePasswordAuthenticationFilter.java:63)
              at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
              at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
              at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
              at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
              at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
              at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169)
              at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
              at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        Attachments

          Issue Links

            Structure

              Activity

                People

                • Assignee:
                  xcandlelight Yuliya Selyugina
                  Reporter:
                  ctapobep Stanislav Bashkyrtsev
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  8 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Time Tracking

                    Estimated:
                    Original Estimate - Not Specified
                    Not Specified
                    Remaining:
                    Remaining Estimate - 0h
                    0h
                    Logged:
                    Time Spent - 4h
                    4h

                      Structure Helper Panel