The Remember-Me authentication

In some scenarios, a website needs to remember the identity of the user between sessions. This can be done by adding the remember-me feature. By default, Spring implements remember-me by adding a cookie-based token to the response. The remember-me cookie, stored on the client, contains the following data:

  • username: This is to identify the logged-in principal.
  • expirationTime: This is the time until which the cookie is valid. The default is 2 weeks.
  • MD5 hash: This is a hash over the combination of username and expirationTime, plus the password and the predefined key.

Along with the cookies, Spring also supports storing the token generated for the user in the database. The standard configuration of the <remember-me> tag is shown as follows:

<security:remember-me remember-me-parameter="some_valid_name"
    token-validity-seconds="validity_in_seconds"
    data-source-ref="id_for_dataSource_bean">
</security:remember-me>

The attributes used in the preceding configuration are as follows:

  • remember-me-parameter: This is the name of the checkbox that we are using.
  • token-validity-seconds: This is the time in seconds, after which the remember-me cookie will expire.
  • data-source-ref: This attribute is used in case we want to store the information in the database. Without it, the default simple hash-based token approach, which relies on the cookie alone, is used.

Let's quickly add the feature in our demo with the help of the following simple steps:

  1. Update the <http> tag by adding the <remember-me> tag, as shown here:
<security:remember-me remember-me-parameter="rem-me"> 
</security:remember-me> 
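  2. Update the login.jsp file to add the checkbox, as shown in the following lines of code:
<tr>
  <td></td>
  <%-- The name attribute must match remember-me-parameter; a checked box with no value attribute submits "on" --%>
  <td align="left">Remember ME<input type="checkbox" name="rem-me"></td>
</tr>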

Don't forget to give the checkbox the same name that we declared as remember-me-parameter in the <http> configuration.

  3. We are all set to run the application:

1. Click on the CLICK HERE TO READ THE DATA link and you will get the form with the Remember ME checkbox, as shown in the following screenshot:

2. Enter User Name and Password without selecting the checkbox.

3. You will get the data page successfully if the credentials are correct.

4. Now, again, rerun the application and click on the same link; obviously, you will be prompted to enter credentials.

5. Now rerun the application and, this time, when you are prompted to enter the credentials, select the checkbox. Nothing special happened, correct? Just wait and rerun the application.

6. Click on the link. Bingo! We haven't got any window asking us to enter the credentials. Yes, we selected the checkbox and stored our information in the cookie. This information will be valid until the cookie expires.
