Hi Jelle, In a web-environment, the JSecurityFilter does some automatic logic:
when a request comes in, it tries to acquire the session associated with the request. If the session is expired (catches an ExpiredSessionException), it automatically creates a new one. The DefaultSecurityManager, used in a non-web environment, does not currently automatically perform this 'auto create if expired' logic. I've added a Jira issue to track this: https://issues.apache.org/jira/browse/JSEC-46 as I feel it would be a worthwhile improvement. In the meantime, you could always have a wrapper SubjectManager that you interact with in your application that wraps the Subject.* calls (this is a good idea anyway, as it abstracts JSecurity's API away from your application). In that implementation, you could catch any InvalidSessionException and then automatically create a new session and return that. Please subscribe to the Jira issue if you want to see when the functionality will be available. Cheers, Les On Tue, Jan 20, 2009 at 10:05 AM, jvreeker <[email protected]> wrote: > > I am using a spring service and hibernate. > > I have a credentialsMatcher that is using a DAO to check if the user exsist > in the DB. > I think i forget something! > > Jelle > > > Les Hazlewood-2 wrote: > > > > Hi Jelle, > > > > What environment are you running in? Is this a web application or > > business-tier/standalone? > > > > Thanks, > > > > Les > > > > On Tue, Jan 20, 2009 at 8:50 AM, jvreeker <[email protected]> wrote: > > > >> > >> I have some problems with expiration of a session. > >> I created a login function. > >> > >> Subject currentUser = securityManager.getSubject(); > >> if (!currentUser.isAuthenticated()) > >> { > >> currentUser.login(usernamePasswordToken); > >> > >> Session s = currentUser.getSession(); > >> > >> s.setTimeout( 600000); > >> s.setAttribute(CacheConstants.USEROBJECT, tmpData); > >> } > >> So timeout is 10 minutes. > >> If I wait for more than 10 minutes and login again with the same user I > >> always get ExpiredSessionException. > >> How can I remove this session and login again and create a new Session. > >> > >> Thanks, > >> Jelle > >> > >> -- > >> View this message in context: > >> http://n2.nabble.com/Session-Expiration-tp2186574p2186574.html > >> Sent from the JSecurity User mailing list archive at Nabble.com. > >> > >> > > > > > > -- > View this message in context: > http://n2.nabble.com/Session-Expiration-tp2186574p2186919.html > Sent from the JSecurity User mailing list archive at Nabble.com. > >
