简体繁体 English

如何在Play 2.0框架中实现“记住我”功能？

[英]How to implement “ remember me ” functionality in Play 2.0 framework?

原文 2012-07-11 06:31:19 7 3 java/ playframework/ playframework-2.0/ play2-mini

Hi i'm working on play20 framework with java application.For that i want to implement "remember me" functionality like gmail or facebook without cookies . 嗨，我正在使用Java应用程序开发play20框架。为此，我想实现“记住我”功能，例如没有cookie的gmail或facebook。 i don't know how to start .Can any one help me in that ? 我不知道如何开始。有人可以帮助我吗？ Thank you in Advance. 先感谢您。

3 个解决方案

Why do you want it without cookies? 为什么不加饼干就想要它？ If you'll remove all google.* cookies it will not remember you as well. 如果您要删除所有google。* cookie，它也不会记住您。

Of course you do not need to store credentials in the cookies to keep the user logged in. Most probably you need to save some kind of ID in the database for each logged user and then store this ID as a cookie. 当然，您无需在cookie中存储凭据即可保持用户登录。很可能您需要为每个登录用户在数据库中保存某种ID，然后将该ID存储为cookie。 When user comes back you have to check if stored cookie fits any of the user and if it do, just consider the user is logged in. 当用户回来时，您必须检查存储的cookie是否适合任何用户，如果适合，则只需考虑该用户已登录即可。

Of course to avoid brute force attempts you should also create additional validation cookie(s) and each time check if sets of cookies matches each other with server-side comparison. 当然，为了避免强行尝试，您还应该创建其他验证cookie，并通过服务器端比较每次检查cookie组是否相互匹配。

I think you definitely need cookies. 我认为您肯定需要Cookie。 However RememberMe isn't so trivial as it's looks. 但是，RememberMe并不是看起来那么简单。 I implement one for permsec in play2.0. 我在play2.0中为permsec实现了一个。 After finish it, I found this article , which shows a lot of problems with stolen cookies. 完成后，我找到了这篇文章，其中显示了很多关于被盗Cookie的问题。

I don't think it is possible without using cookies. 我认为不使用cookie是不可能的。 If you want to implement this functionality with cookies, when user clicks "remember me" just let the expire date be in a distant future. 如果要使用Cookie来实现此功能，则当用户单击“记住我”时，只需将过期日期设为遥远的将来即可。