Extend RememberMe cookie to include IP address

I am looking to insert an IP address check to the RememberMe login flow.

~I know I can get the IP Address from the DeviceInfoProvider class
~I know how to read/write to the cookie

I’m just not sure how to override the standard LoginScreenAuthDelegate class.

Hi,

Some ideas can be found here.

If you want to store the address right in the remember me token, you may need to:

  1. Extend the RememberMeToken class. Please note that the token is an entity, so you’ll have to extend the class as an entity.
  2. Override com.haulmont.cuba.security.app.UserManagementServiceBean#generateRememberMeToken by extending the service UserManagementService.

May I ask why you need this functionality and how you are going to use it?

My thought process is that it can be used as another layer of security. If the IP address changes (implying the device has changed networks), I want the cookie to be invalidated.

I develop custom business software and I am trying to mitigate the risk of a computer being stolen and the thief getting access to the data in the software. While it isn’t a perfect solution, it seems like an easy extra layer to implement.

It’s a valid case, I agree. But this might cause some issues when you use your laptop and should log in from remote places. Or if you have DHCP in your organization, you might have issues when your computer is rebooted.

You can go forward with any of the options I specified above. But do not forget about other means of protection like VPN.
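
The check discussed in this thread, as an added example that is not CUBA's code or any poster's: the token records the client address at issuance and is revoked when a later request comes from a different address. The class `IpBoundRememberMe`, its in-memory map and its method names are hypothetical stand-ins for the extended RememberMeToken entity and the overridden token generation; Java 16+ is assumed for records.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical stand-in for the token table; not a CUBA class. */
public class IpBoundRememberMe {
    // One stored row: the token value plus the address seen when it was issued.
    private record Entry(String token, String ip) {}

    private final Map<UUID, Entry> store = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    /** Issue a token for the user and remember the client address. */
    public String issue(UUID userId, String clientIp) {
        byte[] raw = new byte[24];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(userId, new Entry(token, clientIp));
        return token;
    }

    /** Accept the cookie only if token and address both match; revoke on address change. */
    public boolean validate(UUID userId, String presentedToken, String clientIp) {
        Entry e = store.get(userId);
        if (e == null || presentedToken == null) return false;
        // Constant-time comparison of the stored and presented token values.
        boolean tokenOk = MessageDigest.isEqual(
                e.token().getBytes(StandardCharsets.UTF_8),
                presentedToken.getBytes(StandardCharsets.UTF_8));
        if (!tokenOk) return false;
        if (!e.ip().equals(clientIp)) {
            store.remove(userId); // address changed: invalidate and force a full login
            return false;
        }
        return true;
    }

    public static void main(String[] args) {
        IpBoundRememberMe svc = new IpBoundRememberMe();
        UUID user = UUID.randomUUID();
        String cookie = svc.issue(user, "192.0.2.10"); // constructed sample addresses
        System.out.println(svc.validate(user, cookie, "192.0.2.10"));   // same network
        System.out.println(svc.validate(user, cookie, "198.51.100.7")); // network changed
        System.out.println(svc.validate(user, cookie, "192.0.2.10"));   // after revocation
    }
}
```

The third call in `main` shows the DHCP and roaming side effect raised above: once the address has changed, the token stays revoked even after the client returns to its original address.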