Spring security remember me - logging out one PC forgets all other persistent logins on other PCs

Question

Remember-me service definition:

  <security:remember-me services-alias="rememberMeService" data-source-ref="dataSource" user-service-ref="userService"/>

and my persistent_login table (via hibernate) looks like this :

@Column(nullable = false, unique = false, length = 128)
private String username;

@Id
@Column(nullable = false, unique = true, length = 128)
private String series;

@Column(nullable = false, unique = false, length = 128)
private String token;

@Column(nullable = false)
private Date last_used;

How to stop all persistent tokens for one username being deleted when logging out on one computer ?

Answer 1

You'll have to override the logout method of PersistentTokenBasedRememberMeServices. Decode the cookie using the decodeCookie method. The first element of the array returned is the token series which you can use to delete the information for that specific session.