Remember me doesn't work correctly with an ajax request #508
Comments
Could you provide a sample application?
Same issue with Grails 3.3.2 and plugin 3.2.0. Example uploaded: https://github.com/mamunsrdr/grails-sec-issue.
I'm having this issue as well. In my case, the request is redirected to ajaxSuccess, returns a 200 success, and the response body looks like this: { success: true, username='...' }. This was particularly frustrating because my JavaScript code was looking for success===true in the response handler. So between the 200 HTTP CODE and the success: true in the response body, my code (and the end user) believed the request went through and all was well. Unfortunately this was not the case, and I think I know why. If the originating request was a GET, then after Spring Security intercepted the request, redirected to login, and login processed the remember_me logic, it could then redirect back to the original GET request. But in my case it is a POST, and you cannot redirect a POST request. So I need to scour my app code looking for POST/PUT requests and add some logic to auto retry my request in this scenario, which is really a pain. It would be better if Spring Security would re-login the user without doing any redirect at all. I'll look into the Grails remember-me config to see if there is a way to do this...
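The client-side retry described in the comment above, as an added example (not code from the plugin or from any commenter). It assumes the `ajaxSuccessUrl` is `/login/ajaxSuccess` as quoted in the issue and that the intercepted request never reached its controller, so replaying it once is safe; `isLoginDetour` and `fetchWithReplay` are hypothetical names.

```javascript
// Assumed: the plugin's ajaxSuccessUrl, as quoted in the issue text.
const AJAX_SUCCESS_PATH = '/login/ajaxSuccess';
// Constructed base, used only to parse relative URLs into a pathname.
const PARSE_BASE = 'http://placeholder.invalid';

// True when the final URL of the response is the login success endpoint
// although the caller asked for something else: remember-me logged the user
// in, but the original request was never processed.
function isLoginDetour(requestUrl, response) {
  const asked = new URL(requestUrl, PARSE_BASE).pathname;
  const got = new URL(response.url || requestUrl, PARSE_BASE).pathname;
  return got !== asked && got.endsWith(AJAX_SUCCESS_PATH);
}

// Hypothetical wrapper: replays the original request once after a detour.
// init.body must be replayable (string, FormData), not a one-shot stream.
async function fetchWithReplay(url, init = {}, fetchImpl = fetch, maxReplays = 1) {
  for (let attempt = 0; ; attempt++) {
    const response = await fetchImpl(url, { credentials: 'same-origin', ...init });
    if (!isLoginDetour(url, response)) return response;
    if (attempt >= maxReplays) {
      // Still landing on the login endpoint: fail loudly instead of letting
      // a 200 with success: true pass for the real result.
      throw new Error(`request to ${url} was answered by ${AJAX_SUCCESS_PATH}`);
    }
    // The session cookie is set now, so the next attempt reaches the controller.
  }
}
```

The check relies on the final response URL rather than on the status code or the `success` field, since both look like a normal success in the case reported here.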
Hello, I have the same problem here. Is there anything new about this, or maybe there is a workaround?
Request returns a status code 302 with a redirect to '/login/ajaxSuccess' or whatever is defined as the ajaxSuccessUrl.
Correct behavior should be to process the request as normal, as the user is already logged in from RememberMeServices.