Just wondering whether it's possible to extend the behaviour of the Remember Me to automatically authenticate the user after they have selected the "Remember Me" service rather than have him or her re-enter their password. Perhaps store a cookie of the following format: username + expiry + hash[username + expiry + password] Then upon cookie retrival, validate expiry, obtain password from username, re-calculate and validate hash[username + expiry + password] View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4017957#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...