5

I have a quick question about the authentication mechanism itself. How does securesocial manages the login cookie? I have a little problem when I change code in my system and I have been logged in before the code change then I will be logged out and I need to login again. This is true for development. For production we use a cluster system which has 2 machines if i start a request on one machine and the next request is on the other machine then I will be logged out every single time. Does anyone has an idea what this could be or better why this happens ?? we are using securesocial 0.2.2

Best regards Thomas

TeeJaay
  • 136
  • 8

1 Answers1

4

The module relies on an implementation of the UserService interface to save/find users that are authenticated. SecureSocial comes with a default implementation: DefaultUserService. However this is not suitable for a production environment because it stores everything in a HashMap in memory. This is why you get logged out when the app reloads on DEV mode or you are asked to log in again in a clustered environment.

You need to provide your own implementation of that class and store things in a DB or another backing store. Checkout the javadocs in UserService.

BTW, please upgrade to version 0.2.4. I fixed a bug that prevented some requests to be granted access when they should be redirected to the login page.

animuson
  • 53,861
  • 28
  • 137
  • 147
Jorge
  • 1,403
  • 10
  • 12
  • great, implementing your own UserService should not take long. – Jorge Feb 10 '12 at 12:31
  • 4
    I'm getting the same behaviour, even with a DB-backed UserService. I'm concerned that I'm doing something wrong. Is it normal for the provider's "Authorize app?" page to show up every time? Or should that occur only once at the beginning? – teo Jul 25 '13 at 12:19