Views for cookie-based login timeout when using Spring
To use the login timeout security feature with Spring, you must define the
LoginTimeoutErrorView
, ReLogonFormView
and
RememberMeLogonFormView
views for your store.
LoginTimeoutErrorView
The user is sent to this view if the login timeout information is incorrect. If this occurs, it is likely because someone has tampered with the cookie.
ReLogonFormView
The user is sent to this view after their session has expired. It must provide the user with a form to enter their logon ID and password. The Submit button will invoke the Logon command. There should also be a Cancel button to redirect the user to another page (in most cases, the storefront page).
ReLogonFormView form attributes:
- ECUserConstants.EC_UREG_LOGONID
- The user's logon ID.
- ECUserConstants.EC_UREG_LOGONPASSWORD
- The user's logon password.
- ECUserConstants.EC_RELOGIN_URL
- The URL that is displayed if the credentials provided are invalid. In most cases, it will be name of this view.
- ECConstants.EC_STORE_ID
- The store identifier.
- ECConstants.EC_URL
- The URL that is displayed when the credentials that are entered belong to different user. In most cases, this should be a store home page, or the same URL that is used in a store logon page.
RememberMeLogonFormView
The user is sent to this view if they are a partially authenticated user that is trying to access an API that is not allowed to be accessed by a partially authentictated user.