I've read couple of old threads on similar topic (eg: 'Standalone - Session Timeout', 'Session Creation for same user'). However, I didn't understand, how I would go about disabling auto-create session feature of shiro (we use spring/mvc). For test purposes, I have setup my timeout to be 1min and it does triggger correctly as per the trace below: - [Thread: qtp0-8]15:00:43.799 TRACE [org.apache.shiro.subject.DelegatingSubject] attempting to get session; create = true; session is null = false; session has id = true - [Thread: qtp0-8]15:00:43.799 TRACE [org.apache.shiro.session.mgt.AbstractValidatingSessionManager] Attempting to retrieve session with id [2546a7d f-aedc-4e3e-8e29-606d025566f3] - [Thread: qtp0-8]15:00:43.799 INFO [com.bloomberg.sports.portal.eis.impl.security.SessionDAO] >>>START readSession: 2546a7df-aedc-4e3e-8e29-606d02 5566f3 - [Thread: qtp0-8]15:00:43.846 INFO [com.bloomberg.sports.portal.eis.impl.security.SessionDAO] readSession !=null, id? 2546a7df-aedc-4e3e-8e29-606d 025566f3 - [Thread: qtp0-8]15:00:43.846 INFO [com.bloomberg.sports.portal.eis.impl.security.SessionDAO] >>>End readSession: 2546a7df-aedc-4e3e-8e29-606d0255 66f3
- [Thread: qtp0-8]15:00:43.846 TRACE [org.apache.shiro.session.mgt.SimpleSession] Session with id [2546a7df-aedc-4e3e-8e29-606d025566f3] has expired . Last access time: 6/22/10 2:48 PM. Current time: 6/22/10 3:00 PM. Session timeout is set to 60 seconds (1 minutes) - [Thread: qtp0-8]15:00:43.846 INFO [mypkg.SessionDAO] >>>START updateSession: 2546a7df-aedc-4e3e-8e29-606d 025566f3 - [Thread: qtp0-8]15:00:44.017 INFO [mypkg.SessionDAO] >>>END updateSession: 2546a7df-aedc-4e3e-8e29-606d02 5566f3 - [Thread: qtp0-8]15:00:44.017 TRACE [org.apache.shiro.session.mgt.DefaultSessionManager] Creating session for host /127.0.0.1 - [Thread: qtp0-8]15:00:44.017 DEBUG [org.apache.shiro.session.mgt.DefaultSessionManager] Creating new EIS record for new session instance However, I need to turn off this behavior and have the application go back to the login page. As mentioned before, I've seen few old threads on similar topic, but wasn't able to understand the solutions. Sorry if this is a repeat question, but I would really like to get a clear solution to resolve this issue. -- View this message in context: http://shiro-user.582556.n2.nabble.com/Disable-auto-create-new-session-upon-original-session-timeout-tp5210586p5210586.html Sent from the Shiro User mailing list archive at Nabble.com.
