The Web Reverse Proxy can now be configured to remember the username that is used in a login form, and can also be configured to persist authenticated sessions across browser restarts.
- Remembering the Username
- It is possible to remember the username which was provided in the login form so that this field
can be automatically populated on subsequent logins. In order to enable this capability:
- The ‘[remember-me] remember-username-cookie-name’ configuration entry must be set to the name of the cookie which will hold the name of the user. The cookie which is returned to the browser will be a persistent cookie.
- The ‘remember-username’ form field must be included in the login request. If this field is not included in the login request any existing remember-username cookie will be cleared.
[remember-me] remember-username-cookie-name’ configuration entry.
- Remembering the Sessions
- A session can be persisted so that a user is not required to authenticate each time they access
a site. The information required to recreate the session can be embedded within a protected token,
which can then be passed back to the client in either an HTTP header or a persistent cookie. When the
token is presented to the Web reverse proxy on a subsequent request it will validate the token and
then re-establish the user session using the information contained within the token. The token will
consist of attributes from the user credential, as defined by the ‘[remember-me] remember-session-attribute-rule’ configuration entry, along with additional literal values, as defined by the ‘[remember-me] remember-session-attribute-literal’ configuration entry.
In order to enable this capability:
- The ‘[remember-me] remember-session-field’ configuration entry must be set to the name of the field which will hold the session token.
- The ‘[remember-me] remember-session-key-label’ configuration entry must be set to the name of the key which will be used to protect the token.
- The ‘remember-session’ form field must be included in the login request.
The default login.html file contains an additional form field for remembering the session. This field is commented out by default and should be uncommented if the capability to remember the session is enabled.
- Web Storage
- Web storage, sometimes known as DOM storage, provides web applications with the ability to store
client-side data. Web storage is an alternative to cookies and provides increased security and
performance as the data is not transmitted to the client on every request. It is possible to store
login_success.html management files to demonstrate how the session token can be stored in Web Storage.
In order to enable the storage of the session token in Web Storage:
- The remember session functionality must be enabled and the session token must be configured to be passed back in an HTTP header. This can be achieved by setting the ‘[remember-me] remember-session-field’ to something like ‘
- The ‘login_response_type’ POST data must be set to success_page when you are submitting to /pkmslogin.form. The default login.html file contains this additional form field, but it has been commented out by default.
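The Web Storage flow described above, as an added example that is not the product's login_success.html or any other product code: it keeps the session token returned in an HTTP header in Web Storage and presents it again on later requests. The header name, the storage key, the value sent for remember-session, and presenting the token back in the same header are assumptions.

```javascript
// Added example. TOKEN_HEADER, STORAGE_KEY and the remember-session
// value are assumptions; match them to your own configuration.
const TOKEN_HEADER = 'x-remember-session'; // assumed remember-session-field header name
const STORAGE_KEY = 'rememberSessionToken'; // assumed Web Storage key

// Build the POST body for /pkmslogin.form. credentialFields is whatever the
// login form already submits; the two fields named on this page are added.
function buildLoginBody(credentialFields, rememberSession) {
  const body = new URLSearchParams(credentialFields);
  body.set('login_response_type', 'success_page');
  if (rememberSession) body.set('remember-session', 'true'); // value assumed
  return body;
}

// After login: keep the token if the proxy returned one, otherwise drop any
// stale token so an old session is not presented again later.
function saveSessionToken(responseHeaders, storage) {
  const token = responseHeaders.get(TOKEN_HEADER);
  if (token) {
    storage.setItem(STORAGE_KEY, token);
    return true;
  }
  storage.removeItem(STORAGE_KEY);
  return false;
}

// Before a later request: present the stored token in the same header.
function attachSessionToken(requestHeaders, storage) {
  const token = storage.getItem(STORAGE_KEY);
  if (token) requestHeaders.set(TOKEN_HEADER, token);
  return requestHeaders;
}

// On logout: the token is a bearer credential readable by any script running
// on this origin, so remove it as soon as it is no longer wanted.
function forgetSessionToken(storage) {
  storage.removeItem(STORAGE_KEY);
}

// Browser wiring (localStorage survives browser restarts; sessionStorage does not).
async function login(credentialFields, rememberSession, storage = globalThis.localStorage) {
  const response = await fetch('/pkmslogin.form', {
    method: 'POST',
    body: buildLoginBody(credentialFields, rememberSession),
    credentials: 'same-origin',
  });
  return saveSessionToken(response.headers, storage);
}
```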