  • Implementing TokenBasedRememberMeServices stores the MD5 hash of the user's password in the cookie
  • Cookie-based Remember-Me functionality is vulnerable to cookie attacks
  • Implementing PersistentTokenBasedRememberMeServices stores a unique persistent token in the database
  • This token is regenerated and stored each time a user logs in using the persisted Remember-Me function
  • Hence, the PersistentTokenBasedRememberMeServices approach prevents brute-force attacks

Vulnerable Code

  • Implementing TokenBasedRememberMeServices for Remember-Me functionality

Secure Code

  • Implementing PersistentTokenBasedRememberMeServices for Remember-Me functionality
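
The two approaches side by side in a Spring Security Java configuration. This is an added example, not code from the original slides. The class name `RememberMeConfig`, the `cookieOnly` helper and the `KEY` placeholder are hypothetical, and it assumes the lambda-style `HttpSecurity` DSL plus existing `DataSource` and `UserDetailsService` beans.

```java
import javax.sql.DataSource;
import org.springframework.context.annotation.*;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.rememberme.*;

@Configuration
@EnableWebSecurity
public class RememberMeConfig {
    // Placeholder (assumption): load the real key from configuration or a secret store.
    private static final String KEY = "REPLACE_WITH_APP_SECRET";

    // Vulnerable variant, kept only for comparison and NOT registered as a bean:
    // the remember-me cookie itself carries the password-derived hash.
    static RememberMeServices cookieOnly(UserDetailsService users) {
        return new TokenBasedRememberMeServices(KEY, users);
    }

    // Token store backed by the persistent_logins table
    // (columns: username, series, token, last_used).
    @Bean
    PersistentTokenRepository tokenRepository(DataSource dataSource) {
        JdbcTokenRepositoryImpl repo = new JdbcTokenRepositoryImpl();
        repo.setDataSource(dataSource);
        return repo;
    }

    // Secure variant: the cookie holds only a random series id and token;
    // the token value is replaced in the database on each remember-me login.
    @Bean
    RememberMeServices rememberMeServices(UserDetailsService users,
                                          PersistentTokenRepository repo) {
        return new PersistentTokenBasedRememberMeServices(KEY, users, repo);
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, RememberMeServices rememberMe)
            throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            // The key passed here must match the one given to the services object.
            .rememberMe(rm -> rm.rememberMeServices(rememberMe).key(KEY));
        return http.build();
    }
}
```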