Lesson 1: A Simple Remember Me Flow

1. Main Goal

The focus here is to implement a very simple remember-me flow for our login page.


2. Lesson Notes

If you're using the git repository to get the project - you should be using the module3 branch.

The relevant module you need to import when you're starting with this lesson is: lssc-module3/m3-lesson1

If you want to skip and see the complete implementation, feel free to jump ahead and import: lssc-module3/m3-lesson2

The credentials used in the code of this lesson are: [email protected]/pass (data.sql).


2.1. Basic Remember-Me

First, we’re going to enable the basic remember-me functionality in the security config:

.rememberMe().key("lssAppKey")

We are then going to add the remember-me checkbox on the login page:

<input id="remember" type="checkbox" name="remember-me" value="true" />

Finally, we are going to test by following two scenarios:

Scenario 1:

  • log in without remember-me
  • remove the JSESSIONID cookie manually
  • refresh the page => we should be redirected to login

Scenario 2:

  • log in with remember-me
  • remove the JSESSIONID cookie manually
  • refresh the page => we should now remain logged in


2.2. Upgrade Notes

As we've mentioned in the previous lessons, since Spring Boot 2, we have to specify the password encryption. This means that we should also set it explicitly when configuring the authentication manager:

@Autowired 
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
    auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}


3. Resources

- Remember Me in the Official Reference

LSS - A Simple Remember Me Flow - transcript.pdf
Complete and Continue