Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-240

ServletContainerSessionManager does not honor web.xml's session timeout value

    XMLWordPrintableJSON

Details

    Description

      Instead of just calling request.getSession(), the implementation looks at the parent class's 'globalSessionTimeout' value and explicitly sets the session timeout to be that value.

      However, when the ServletContainerSessionManager is configured, it is expected to defer to the servlet container for all session-related configuration. The current implementation should not be overriding the session timeout value.

      Attachments

        Activity

          People

            lhazlewood Les Hazlewood
            lhazlewood Les Hazlewood
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 0.5h
                0.5h
                Remaining:
                Remaining Estimate - 0.5h
                0.5h
                Logged:
                Time Spent - Not Specified
                Not Specified