You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Les Hazlewood (JIRA)" <ji...@apache.org> on 2009/05/29 20:46:45 UTC

[jira] Created: (KI-79) AbstractValidatingSessionManager - auto-delete invalid sessions to prevent orphans

AbstractValidatingSessionManager - auto-delete invalid sessions to prevent orphans
----------------------------------------------------------------------------------

                 Key: KI-79
                 URL: https://issues.apache.org/jira/browse/KI-79
             Project: Ki
          Issue Type: Improvement
          Components: Session Management
            Reporter: Les Hazlewood
            Assignee: Les Hazlewood
             Fix For: 1.0


The current behavior on bulk session validation is to validate each active Session, and if it has been stopped/expired as a result of validation, the session is persisted back to the back-end datastore via a SessionDAO.  SessionDAO#delete is never called.

The default behavior of bulk validation should be to just delete all sessions who's last access timestamp is older than the session timeout value, as most end-users will not want to query or access session data after the session is invalidated.

The existing behavior is in place to allow historical reporting of user access logs based on session, but the framework itself does not make use of any such feature, and most end-users will not need such functionality.  The existing behavior should remain, but only execute based on a configuration flag that is turned off by default.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.