You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Les Hazlewood (JIRA)" <ji...@apache.org> on 2009/01/22 16:59:59 UTC
[jira] Created: (JSEC-46) Standalone environment - automatically
create new session after expiration
Standalone environment - automatically create new session after expiration
--------------------------------------------------------------------------
Key: JSEC-46
URL: https://issues.apache.org/jira/browse/JSEC-46
Project: JSecurity
Issue Type: Improvement
Components: Session Management
Affects Versions: 1.0
Reporter: Les Hazlewood
Assignee: Les Hazlewood
Fix For: 1.0
Per this thread: http://markmail.org/thread/4tl42fnjdaztpbso
In a non-web environment, it would be nice if the SecurityManager would automatically/transparently create a new Session for a subject if their existing session expires. The web environment already works this way.
It would probably be best if there were a securityManager configuration attribute, say 'createNewSessionAfterExpiration' (or something similar) that would enable this feature.
I'm thinking it should be enabled by default, as I assume the large majority of application developers wouldn't want to catch InvalidSessionException in their code. It could be disabled by using the aforementioned config attribute.
The DefaultWebSecurityManager could just piggyback the same logic, simplifying its code (and its internal delegate WebSessionManager).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (JSEC-46) Standalone environment - automatically
create new session after expiration
Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSEC-46?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood resolved JSEC-46.
-------------------------------
Resolution: Fixed
Functionality committed with accompanying test case.
> Standalone environment - automatically create new session after expiration
> --------------------------------------------------------------------------
>
> Key: JSEC-46
> URL: https://issues.apache.org/jira/browse/JSEC-46
> Project: JSecurity
> Issue Type: Improvement
> Components: Session Management
> Affects Versions: 1.0
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Fix For: 1.0
>
>
> Per this thread: http://markmail.org/thread/4tl42fnjdaztpbso
> In a non-web environment, it would be nice if the SecurityManager would automatically/transparently create a new Session for a subject if their existing session expires. The web environment already works this way.
> It would probably be best if there were a securityManager configuration attribute, say 'createNewSessionAfterExpiration' (or something similar) that would enable this feature.
> I'm thinking it should be enabled by default, as I assume the large majority of application developers wouldn't want to catch InvalidSessionException in their code. It could be disabled by using the aforementioned config attribute.
> The DefaultWebSecurityManager could just piggyback the same logic, simplifying its code (and its internal delegate WebSessionManager).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Moved: (KI-60) Standalone environment - automatically create
new session after expiration
Posted by "Alan Cabrera (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KI-60?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alan Cabrera moved JSEC-46 to KI-60:
------------------------------------
Fix Version/s: (was: 1.0)
Component/s: (was: Session Management)
Affects Version/s: (was: 1.0)
Key: KI-60 (was: JSEC-46)
Project: Ki (was: JSecurity)
> Standalone environment - automatically create new session after expiration
> --------------------------------------------------------------------------
>
> Key: KI-60
> URL: https://issues.apache.org/jira/browse/KI-60
> Project: Ki
> Issue Type: Improvement
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
>
> Per this thread: http://markmail.org/thread/4tl42fnjdaztpbso
> In a non-web environment, it would be nice if the SecurityManager would automatically/transparently create a new Session for a subject if their existing session expires. The web environment already works this way.
> It would probably be best if there were a securityManager configuration attribute, say 'createNewSessionAfterExpiration' (or something similar) that would enable this feature.
> I'm thinking it should be enabled by default, as I assume the large majority of application developers wouldn't want to catch InvalidSessionException in their code. It could be disabled by using the aforementioned config attribute.
> The DefaultWebSecurityManager could just piggyback the same logic, simplifying its code (and its internal delegate WebSessionManager).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.