org.springframework.security.web.authentication.rememberme.CookieTheftException: Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.
at org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices.processAutoLoginCookie(PersistentTokenBasedRememberMeServices.java:102)
at org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.autoLogin(AbstractRememberMeServices.java:115)
我注意到processAutoLoginCookie
方法被調用兩次。方法本身的行爲似乎是正確的,例如,更新數據庫中的令牌並更新客戶端中的cookie。 任何幫助,將不勝感激。無效的記憶我記號(系列/記號)不匹配。暗示以前的cookie盜竊攻擊