[
https://issues.apache.org/jira/browse/SHIRO-266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13058224#comment-13058224
]
Les Hazlewood commented on SHIRO-266:
-------------------------------------
Finally, it should be noted that the 'noSession' filter only prevents new
sessions from being created. It allows access to any existing session that
might have been created in another part of the application by the application
developer.
> Login/Logout: Enable pluggable Subject state binding
> ----------------------------------------------------
>
> Key: SHIRO-266
> URL: https://issues.apache.org/jira/browse/SHIRO-266
> Project: Shiro
> Issue Type: Improvement
> Components: Session Management, Subject
> Affects Versions: 1.0.0, 1.1.0, 1.1.1
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Fix For: 1.2.0
>
>
> After login, a subject's state (principals, authentication state, etc) are
> bound to the Subject's session. This allows Shiro to reconstruct the Subject
> instance later on by acquiring a Session (e.g. by id) and reconstructing the
> Subject based on the Session's state.
> In stateless environments (e.g. some REST-enabled applications), it is not
> desirable to create a session. There should be a pluggable component that
> performs state binding and unbinding for subject login and logout,
> respectively. Stateless applications can choose to configure Shiro with a
> stateless binder if they don't want sessions to be created.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
