I've my SessionDAO that interacts with RDBMS backend for session management
and is working fine (we are using Sping/MVC).
However, I'll like to *disable* the auto-recreate session feature in shiro
when session times out. We will like the session to expire and redirect user
to login page (main application page).
I tried to capture the expired status in my update method. Not sure if this
is the correct way to do this. Code snippet is mentioned below:
public void update(Session session) {
if( ((SimpleSession) session).isExpired() ) {
log.info("Expired session id: " +
(String) session.getId().toString());
throw new UnknownSessionException;
}
// rest of the update code
}
I do see (via DEBUG) that SimpleSession is called right after readsession()
and tags the session as expired (due to timeout) and is followed by my
update method (above) which captures the isExpired() status (to be true).
However, the UnknownSessionException never takes me back to the login page.
Two questions:
1. What is the easiest way to make sure user will go back to login page upon
session expiration?
2. Is there an easy config/code example I can use to simply disable the
auto-recreate session feature in shiro?
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Make-user-go-back-to-login-page-after-session-expiration-throwing-UnknownSessionException-ExpiredSes-tp5214768p5214768.html
Sent from the Shiro User mailing list archive at Nabble.com.
