Shiro
  1. Shiro
  2. SHIRO-240

ServletContainerSessionManager does not honor web.xml's session timeout value

    Details

      Description

      Instead of just calling request.getSession(), the implementation looks at the parent class's 'globalSessionTimeout' value and explicitly sets the session timeout to be that value.

      However, when the ServletContainerSessionManager is configured, it is expected to defer to the servlet container for all session-related configuration. The current implementation should not be overriding the session timeout value.

        Activity

        Hide
        Les Hazlewood added a comment -

        Closing with the 1.2.0 release.

        Show
        Les Hazlewood added a comment - Closing with the 1.2.0 release.

          People

          • Assignee:
            Les Hazlewood
            Reporter:
            Les Hazlewood
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - 0.5h
              0.5h
              Remaining:
              Remaining Estimate - 0.5h
              0.5h
              Logged:
              Time Spent - Not Specified
              Not Specified

                Development