How can I do the automatic login based on this best practice if I need both username and password in order to log in the user?
Just get username and password straight from the DB based on the value of the "remember me" cookie. Then you can provide them to the HttpServletRequest#login() method.
Note that the value of the "remember me" cookie should absolutely not contain any hints about the username, password or ID. It should be an absolutely random value. The java.util.UUID is helpful here.
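The flow described in this answer, as an added example that is not the answerer's code: a random cookie value is issued, mapped server-side to the credentials, and used to call `HttpServletRequest#login()`. It assumes `javax.servlet` 3.0+ and Java 16+; the class name, cookie name, lifetime and the in-memory `STORE` map (standing in for the DB table) are hypothetical.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public final class RememberMe {
    static final String COOKIE_NAME = "remember";        // assumed name
    static final int MAX_AGE_SECONDS = 30 * 24 * 60 * 60; // assumed lifetime: 30 days

    // Hypothetical stand-in for the DB table: cookie value -> what login() needs.
    record Credentials(String username, String password) {}
    static final Map<String, Credentials> STORE = new ConcurrentHashMap<>();

    /** Call after a successful form login when "remember me" was ticked. */
    static void remember(HttpServletResponse res, String username, String password) {
        // Version 4 UUID: 122 random bits from SecureRandom, no user data in it.
        String token = UUID.randomUUID().toString();
        STORE.put(token, new Credentials(username, password));
        res.addCookie(cookie(token, MAX_AGE_SECONDS));
    }

    /** Call early in the request (e.g. from a filter); true if a user is logged in. */
    static boolean autoLogin(HttpServletRequest req, HttpServletResponse res) {
        if (req.getUserPrincipal() != null) return true;  // session already authenticated
        Cookie[] cookies = req.getCookies();
        if (cookies == null) return false;
        for (Cookie c : cookies) {
            if (!COOKIE_NAME.equals(c.getName())) continue;
            Credentials cred = STORE.get(c.getValue());
            if (cred != null) {
                try {
                    req.login(cred.username(), cred.password());
                    return true;
                } catch (ServletException e) {
                    STORE.remove(c.getValue());           // credentials no longer valid
                }
            }
            res.addCookie(cookie("", 0));                 // unknown or stale value: expire it
        }
        return false;
    }

    private static Cookie cookie(String value, int maxAge) {
        Cookie c = new Cookie(COOKIE_NAME, value);
        c.setPath("/");
        c.setMaxAge(maxAge);
        c.setHttpOnly(true);  // keep the value away from page scripts
        c.setSecure(true);    // send only over HTTPS
        return c;
    }
}
```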