The default login dialog has a "Remember my login" checkbox, which users can select to persist their login on their workstation. The default validity period of the RememberMe cookie is 1 day (it is configurable), so a user can stay logged in for a whole day before needing to reauthenticate with credentials.
How does it work?
The user checks the "Remember my login" checkbox on the login screen of GateIn Portal, then submits the form.
An HTTP request, such as http://localhost:8080/portal/login?initialURI=/portal/classic&username=root&password=gtn&rememberme=true, is sent to the server.
The request is processed by the LoginController servlet. The servlet obtains an instance of RemindPasswordTokenService and saves the user credentials into JCR. The service generates and returns a special token (key) for later use. The servlet then creates a cookie called "rememberme" and uses the returned token as the cookie value.
After some time, the user wants to reauthenticate. It is assumed that the user's HTTP session has already expired but the RememberMe cookie is still active.
The user sends an HTTP request to a portal page (for example, http://localhost:8080/portal/classic).
A special HTTP filter named RememberMeFilter, configured in web.xml, checks the "rememberme" cookie and then retrieves the user's credentials from RemindPasswordTokenService. The filter then redirects the request to PortalLoginController, and the authentication process continues in the same way as for normal FORM-based authentication.
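The token flow described above, sketched as an added example that is not GateIn's own code. The class and method names are hypothetical, an in-memory map stands in for the JCR storage, and the 32-byte random token format is an assumption.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical stand-in for the token service described above; not GateIn code.
// An in-memory map replaces the JCR storage the page mentions.
public class RememberMeTokenDemo {
    record Entry(String username, String password, Instant expires) {}

    private final Map<String, Entry> store = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration validity;

    RememberMeTokenDemo(Duration validity) { this.validity = validity; }

    // Login step: save the credentials, return the token used as the "rememberme" cookie value.
    String createToken(String username, String password, Instant now) {
        byte[] raw = new byte[32];            // 256 bits from a CSPRNG, so tokens cannot be guessed
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(token, new Entry(username, password, now.plus(validity)));
        return token;
    }

    // Filter step: resolve the cookie value; unknown or expired tokens yield nothing.
    Optional<Entry> resolve(String token, Instant now) {
        Entry e = store.get(token);
        if (e == null) return Optional.empty();
        if (!now.isBefore(e.expires())) {     // expired: delete so the credentials do not linger
            store.remove(token);
            return Optional.empty();
        }
        return Optional.of(e);
    }

    public static void main(String[] args) {
        RememberMeTokenDemo svc = new RememberMeTokenDemo(Duration.ofDays(1)); // the page's default period
        Instant login = Instant.parse("2024-01-01T09:00:00Z");                 // constructed sample time
        String cookie = svc.createToken("root", "gtn", login);
        System.out.println(svc.resolve(cookie, login.plus(Duration.ofHours(23))).isPresent());
        System.out.println(svc.resolve(cookie, login.plus(Duration.ofHours(25))).isPresent());
        System.out.println(svc.resolve("forged-value", login).isPresent());
    }
}
```

The three lookups cover a cookie inside the validity period, the same cookie after it has expired, and a cookie value the service never issued.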
This is a special service used during the RememberMe authentication workflow. It is configurable in:
See Authentication token configuration for more details.
You can also encrypt passwords before storing them in JCR. See Password encryption for more details.