10.4. Password encryption key of RememberMe

eXo Platform supports the "Remember My Login" feature. This guideline explains how the feature works, and how to update the password encryption key in server side for security purpose.

How the feature works

If users select "Remember My Login" when they log in, their login information will be saved in both client and server sides:

When the users visit the website for next time from the same browser on the same machine, they do not need to type their username and password. The browser sends the cookies, and the server validates it using the token. By that way, the login step is automatically completed.

Updating password encryption key

The password encryption uses a keystore file. By default, the file is:

To update the password encryption key, just remove the file, then restart the server. The keystore file will be re-created at the startup time.

Note

Updating the password encryption key causes the invalidation of existing tokens, so the users must re-login.

For more details about the feature and its configuration, refer to Remember me password encryption.

See also

Copyright ©. All rights reserved. eXo Platform SAS
blog comments powered byDisqus