You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Les Hazlewood (JIRA)" <ji...@apache.org> on 2009/01/26 05:16:59 UTC
[jira] Resolved: (JSEC-46) Standalone environment - automatically
create new session after expiration
[ https://issues.apache.org/jira/browse/JSEC-46?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood resolved JSEC-46.
-------------------------------
Resolution: Fixed
Functionality committed with accompanying test case.
> Standalone environment - automatically create new session after expiration
> --------------------------------------------------------------------------
>
> Key: JSEC-46
> URL: https://issues.apache.org/jira/browse/JSEC-46
> Project: JSecurity
> Issue Type: Improvement
> Components: Session Management
> Affects Versions: 1.0
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Fix For: 1.0
>
>
> Per this thread: http://markmail.org/thread/4tl42fnjdaztpbso
> In a non-web environment, it would be nice if the SecurityManager would automatically/transparently create a new Session for a subject if their existing session expires. The web environment already works this way.
> It would probably be best if there were a securityManager configuration attribute, say 'createNewSessionAfterExpiration' (or something similar) that would enable this feature.
> I'm thinking it should be enabled by default, as I assume the large majority of application developers wouldn't want to catch InvalidSessionException in their code. It could be disabled by using the aforementioned config attribute.
> The DefaultWebSecurityManager could just piggyback the same logic, simplifying its code (and its internal delegate WebSessionManager).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.