In Spring Security, remember me tokens are validated by comparing them with values stored in the database. Given this, why do we need a secret key for generating the tokens? What additional security does it provide?
This is what I am doing:
    @Bean
    public PersistentTokenBasedRememberMeServices rememberMeServices() {
        PersistentTokenBasedRememberMeServices rememberMeServices =
                new PersistentTokenBasedRememberMeServices("secretKey", userDetailsService, persistentTokenRepository);
        rememberMeServices.setAlwaysRemember(true);
        rememberMeServices.setUseSecureCookie(true);
        rememberMeServices.setTokenValiditySeconds(86400); // 24 hours in seconds
        return rememberMeServices;
    }