[
https://issues.apache.org/jira/browse/SHIRO-340?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13190040#comment-13190040
]
Les Hazlewood commented on SHIRO-340:
-------------------------------------
Yeah, sorry I was scoping the 'Shiro uses the Session' issue to the
savedRequest mechanism and the runAs mechanism (without specifying exact calls).
Shouldn't this be configurable, and perhaps we default to the cookie
implementation? I mean - is ok to assume that cookies will be preferred and
always available in all environments?
> Shiro should avoid creating sessions if one doesn't exist
> ---------------------------------------------------------
>
> Key: SHIRO-340
> URL: https://issues.apache.org/jira/browse/SHIRO-340
> Project: Shiro
> Issue Type: Improvement
> Components: Web
> Affects Versions: 1.1.0, 1.2.0
> Reporter: Kalle Korhonen
>
> WebUtils.saveRequest() forces creating a session even if doesn't exist
> before. This hinders scalability. For savedRequests, it's not clear session
> is needed at all, a cookie might be better option for storing information in
> this case. Similarly, we should go through the rest of the codebase and see
> if sessions are created unnecessarily.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
