[
https://issues.apache.org/jira/browse/JSEC-46?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Les Hazlewood resolved JSEC-46.
-------------------------------
Resolution: Fixed
Functionality committed with accompanying test case.
> Standalone environment - automatically create new session after expiration
> --------------------------------------------------------------------------
>
> Key: JSEC-46
> URL: https://issues.apache.org/jira/browse/JSEC-46
> Project: JSecurity
> Issue Type: Improvement
> Components: Session Management
> Affects Versions: 1.0
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Fix For: 1.0
>
>
> Per this thread: http://markmail.org/thread/4tl42fnjdaztpbso
> In a non-web environment, it would be nice if the SecurityManager would
> automatically/transparently create a new Session for a subject if their
> existing session expires. The web environment already works this way.
> It would probably be best if there were a securityManager configuration
> attribute, say 'createNewSessionAfterExpiration' (or something similar) that
> would enable this feature.
> I'm thinking it should be enabled by default, as I assume the large majority
> of application developers wouldn't want to catch InvalidSessionException in
> their code. It could be disabled by using the aforementioned config
> attribute.
> The DefaultWebSecurityManager could just piggyback the same logic,
> simplifying its code (and its internal delegate WebSessionManager).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
