2
我使用Spring Security持久登錄。我堅持記住我的記號在我的數據庫中。有時候,我得到以下錯誤:如何解決「無效的記憶我記號(系列/記號)不匹配」錯誤?
| Error 2013-07-02 13:54:14,859 [http-nio-8080-exec-2] ERROR [/buddyis].[gsp] -
Servlet.service() for servlet [gsp] in context with path [/buddyis] threw exception
Message: Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.
Line | Method
->> 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 615 | run in java.util.concurrent.ThreadPoolExecutor$Worker
^ 722 | run . . . in java.lang.Thread
在我的Config.groovy:
grails.plugins.springsecurity.logout.handlerNames = [
'rememberMeServices', 'securityContextLogoutHandler', 'mySecurityEventListener'
]
grails.plugins.springsecurity.rememberMe.cookieName = 'RememberMe'
grails.plugins.springsecurity.rememberMe.alwaysRemember = true
grails.plugins.springsecurity.rememberMe.tokenValiditySeconds = 31536000 // 365 days
grails.plugins.springsecurity.rememberMe.key = 'rememberMe'
grails.plugins.springsecurity.rememberMe.persistent = true
grails.plugins.springsecurity.rememberMe.persistentToken.domainClassName = 'mypackage.PersistentLogin'
如何解決這個問題?這是什麼意思?
你現在爲'rememberMe'配置了哪些配置? – dmahapatro
@dmahapatro我更新了我的配置。 – confile
我認爲你是這個[bug](http://jira.grails.org/browse/GPSPRINGSECURITYCORE-70)的受害者,但尚未解決。我最終會猜測Toby Hobson提出的一項工作。 – dmahapatro