Hi Les, I am new version (last week) of Shiro , i am using Shiro for session management also.
While testing my prototype I found following observations Before debug deeper I just want to answers from you: 1. I opened two IE browsers and started the application and logged in using some username., both browsers using same session, this is fine but if I logged in with same user in different browsers (IE, firefox), Shiro creating two different sessions at server, What is the key factor while creating session, I expect for same principal I should have one session at server which will be shared across multiple browsers or clients. As sessions are maintained at server even if I use different browsers( IE , firefox ) is it not possible to have same session for both the browsers , if logged using same user? 2. If I disable cookies in my browsers what is the fall back mechanism for Shiro to handle sessions? 3. Now I am using native shiro session mode, If I Change native to http mode , the timeout is not effecting. I changed the defaultWebSessionManager to ServletContainerManager but session timeout is not reflecting. 4. My UI is flex so I didn't configure any Url for login. If session expired or logged out I am redirecting / or opening a page. But if try to login again without closing the browser ShiroFilter not allowing me to call my remote server using blazeDS instead it throwing an UnknowSessionException. Is it not possible to login again after logout in the same browser? Thanks & Regards Balajee
