UPDATE: We're still having RememberMe issues under IE8 so there more to this bug than the solution posted here. I will update this when we get to the bottom of it.
I've recently been looking at a bug we had with IE8 and RememberMe cookies not persisting at ShareYourLove.com when users closed their browsers.
The crux of it was that Shiro was not explicitly setting a domain on the cookie which apparently is a no-no as far as IE8 is concerned.
The fix is to configure Shiro's SecurityManager via resources.groovy:
beans = {
shiroSecurityManager(DefaultWebSecurityManager) {bean ->
realms = [ref('JsecDbRealmWrapper')]
//override remember me expiry to 30 days
rememberMeCookieMaxAge = 60 * 60 * 24 * 30
switch (Environment.current.name) {
case 'beta':
rememberMeCookieDomain = '.beta.shareyourlove.com'
break
case 'production':
rememberMeCookieDomain = '.www.shareyourlove.com'
break
default:
rememberMeCookieDomain = null
}
}
}
