You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Les Hazlewood (JIRA)" <ji...@apache.org> on 2009/01/22 16:59:59 UTC

[jira] Created: (JSEC-46) Standalone environment - automatically create new session after expiration

Standalone environment - automatically create new session after expiration
--------------------------------------------------------------------------

                 Key: JSEC-46
                 URL: https://issues.apache.org/jira/browse/JSEC-46
             Project: JSecurity
          Issue Type: Improvement
          Components: Session Management
    Affects Versions: 1.0
            Reporter: Les Hazlewood
            Assignee: Les Hazlewood
             Fix For: 1.0


Per this thread:  http://markmail.org/thread/4tl42fnjdaztpbso

In a non-web environment, it would be nice if the SecurityManager would automatically/transparently create a new Session for a subject if their existing session expires.  The web environment already works this way.

It would probably be best if there were a securityManager configuration attribute, say 'createNewSessionAfterExpiration' (or something similar) that would enable this feature.

I'm thinking it should be enabled by default, as I assume the large majority of application developers wouldn't want to catch InvalidSessionException in their code.  It could be disabled by using the aforementioned config attribute.

The DefaultWebSecurityManager could just piggyback the same logic, simplifying its code (and its internal delegate WebSessionManager).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (JSEC-46) Standalone environment - automatically create new session after expiration

Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JSEC-46?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Les Hazlewood resolved JSEC-46.
-------------------------------

    Resolution: Fixed

Functionality committed with accompanying test case.

> Standalone environment - automatically create new session after expiration
> --------------------------------------------------------------------------
>
>                 Key: JSEC-46
>                 URL: https://issues.apache.org/jira/browse/JSEC-46
>             Project: JSecurity
>          Issue Type: Improvement
>          Components: Session Management
>    Affects Versions: 1.0
>            Reporter: Les Hazlewood
>            Assignee: Les Hazlewood
>             Fix For: 1.0
>
>
> Per this thread:  http://markmail.org/thread/4tl42fnjdaztpbso
> In a non-web environment, it would be nice if the SecurityManager would automatically/transparently create a new Session for a subject if their existing session expires.  The web environment already works this way.
> It would probably be best if there were a securityManager configuration attribute, say 'createNewSessionAfterExpiration' (or something similar) that would enable this feature.
> I'm thinking it should be enabled by default, as I assume the large majority of application developers wouldn't want to catch InvalidSessionException in their code.  It could be disabled by using the aforementioned config attribute.
> The DefaultWebSecurityManager could just piggyback the same logic, simplifying its code (and its internal delegate WebSessionManager).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Moved: (KI-60) Standalone environment - automatically create new session after expiration

Posted by "Alan Cabrera (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/KI-60?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alan Cabrera moved JSEC-46 to KI-60:
------------------------------------

        Fix Version/s:     (was: 1.0)
          Component/s:     (was: Session Management)
    Affects Version/s:     (was: 1.0)
                  Key: KI-60  (was: JSEC-46)
              Project: Ki  (was: JSecurity)

> Standalone environment - automatically create new session after expiration
> --------------------------------------------------------------------------
>
>                 Key: KI-60
>                 URL: https://issues.apache.org/jira/browse/KI-60
>             Project: Ki
>          Issue Type: Improvement
>            Reporter: Les Hazlewood
>            Assignee: Les Hazlewood
>
> Per this thread:  http://markmail.org/thread/4tl42fnjdaztpbso
> In a non-web environment, it would be nice if the SecurityManager would automatically/transparently create a new Session for a subject if their existing session expires.  The web environment already works this way.
> It would probably be best if there were a securityManager configuration attribute, say 'createNewSessionAfterExpiration' (or something similar) that would enable this feature.
> I'm thinking it should be enabled by default, as I assume the large majority of application developers wouldn't want to catch InvalidSessionException in their code.  It could be disabled by using the aforementioned config attribute.
> The DefaultWebSecurityManager could just piggyback the same logic, simplifying its code (and its internal delegate WebSessionManager).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.