Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-240

ServletContainerSessionManager does not honor web.xml's session timeout value

    Details

      Description

      Instead of just calling request.getSession(), the implementation looks at the parent class's 'globalSessionTimeout' value and explicitly sets the session timeout to be that value.

      However, when the ServletContainerSessionManager is configured, it is expected to defer to the servlet container for all session-related configuration. The current implementation should not be overriding the session timeout value.

        Attachments

          Activity

            People

            • Assignee:
              lhazlewood Les Hazlewood
              Reporter:
              lhazlewood Les Hazlewood
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 0.5h
                0.5h
                Remaining:
                Remaining Estimate - 0.5h
                0.5h
                Logged:
                Time Spent - Not Specified
                Not Specified