AbstractValidatingSessionManager - auto-delete invalid sessions to prevent
orphans
----------------------------------------------------------------------------------
Key: KI-79
URL: https://issues.apache.org/jira/browse/KI-79
Project: Ki
Issue Type: Improvement
Components: Session Management
Reporter: Les Hazlewood
Assignee: Les Hazlewood
Fix For: 1.0
The current behavior on bulk session validation is to validate each active
Session, and if it has been stopped/expired as a result of validation, the
session is persisted back to the back-end datastore via a SessionDAO.
SessionDAO#delete is never called.
The default behavior of bulk validation should be to just delete all sessions
who's last access timestamp is older than the session timeout value, as most
end-users will not want to query or access session data after the session is
invalidated.
The existing behavior is in place to allow historical reporting of user access
logs based on session, but the framework itself does not make use of any such
feature, and most end-users will not need such functionality. The existing
behavior should remain, but only execute based on a configuration flag that is
turned off by default.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
