[
https://issues.apache.org/jira/browse/SHIRO-240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Les Hazlewood resolved SHIRO-240.
---------------------------------
Resolution: Fixed
Assignee: Les Hazlewood
> ServletContainerSessionManager does not honor web.xml's session timeout value
> -----------------------------------------------------------------------------
>
> Key: SHIRO-240
> URL: https://issues.apache.org/jira/browse/SHIRO-240
> Project: Shiro
> Issue Type: Bug
> Components: Web
> Affects Versions: 1.0.0, 1.1.0
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Labels: ServletContainerSessionManager, session, timeout, web.xml
> Fix For: 1.2.0
>
> Original Estimate: 0.5h
> Remaining Estimate: 0.5h
>
> Instead of just calling request.getSession(), the implementation looks at the
> parent class's 'globalSessionTimeout' value and explicitly sets the session
> timeout to be that value.
> However, when the ServletContainerSessionManager is configured, it is
> expected to defer to the servlet container for all session-related
> configuration. The current implementation should not be overriding the
> session timeout value.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
