Showing results for 
Search instead for 
Did you mean: 

secureportaladdon and remember-me Service - still incompatible ? (y 1905+)


Hi Folks,

as documented the secureportaladdon is/should be incompatible with the remember-me functionality already given by spring/default b2baccelerator:

we did not disabled the remember-me as recommended (as we did't read it before), but having no login-issues.

So, it's about 5years minimum since the "addon is not fully compatible to remember-me" - is it still true ?
We want to use the remember-me token, but were thrown out to login-page because the class

tries to get the session, which fails (but GUID and new Session are present):

public boolean isAnonymousUser(final UserModel user)
   final ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
   final HttpSession session = attr.getRequest().getSession(false);
   final CMSSiteModel site = getCmsSiteService().getCurrentSite();

   boolean isUserAnonymous = user == null || super.isAnonymousUser(user);
   if (session == null
         || (site.isRequiresAuthentication() && ((String) session.getAttribute(SECURE_GUID_SESSION_KEY) == null)))
      isUserAnonymous = true;
   return isUserAnonymous;

It returns "true" (user is anonymous) because the session is null (which normally never can happen) and not because the user is "really" anonymous. The GUID-Cookie is still set and works, Login succeeds at all.

So it SHOULD work, but returning on LoginPage, because of this above.

Long story short: is it possible to have remember-be working when using secureportaladdon / or WHY not ?



Accepted Solutions (0)

Answers (0)