Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-240

ServletContainerSessionManager does not honor web.xml's session timeout value

    Details

      Description

      Instead of just calling request.getSession(), the implementation looks at the parent class's 'globalSessionTimeout' value and explicitly sets the session timeout to be that value.

      However, when the ServletContainerSessionManager is configured, it is expected to defer to the servlet container for all session-related configuration. The current implementation should not be overriding the session timeout value.

        Activity

        Hide
        lhazlewood Les Hazlewood added a comment -

        Closing with the 1.2.0 release.

        Show
        lhazlewood Les Hazlewood added a comment - Closing with the 1.2.0 release.

          People

          • Assignee:
            lhazlewood Les Hazlewood
            Reporter:
            lhazlewood Les Hazlewood
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - 0.5h
              0.5h
              Remaining:
              Remaining Estimate - 0.5h
              0.5h
              Logged:
              Time Spent - Not Specified
              Not Specified

                Development