Hello, I think you want to enable the 'authc' filter in Shiro's configuration. If it detects a new session (or unauthenticated session), it will automatically redirect back to the login page, and then, once successfully authenticated, will redirect them back to the page they attempted to view at first.
This is the most standard way of supporting the 'redirect to login page' behavior common across most apps. For example, in Shiro's INI configuration (assuming you're using the IniShiroFilter): [main] ... authc.loginUrl = /login [urls] # allow anonymous users to login: /login = anon # all other requests must be authenticated: /** = authc HTH, Les On Wed, Jun 23, 2010 at 12:05 PM, enabler <[email protected]> wrote: > > I've my SessionDAO that interacts with RDBMS backend for session management > and is working fine (we are using Sping/MVC). > > However, I'll like to *disable* the auto-recreate session feature in shiro > when session times out. We will like the session to expire and redirect > user > to login page (main application page). > > I tried to capture the expired status in my update method. Not sure if this > is the correct way to do this. Code snippet is mentioned below: > > public void update(Session session) { > if( ((SimpleSession) session).isExpired() ) { > log.info("Expired session id: " + > (String) session.getId().toString()); > throw new UnknownSessionException; > } > > // rest of the update code > } > > > I do see (via DEBUG) that SimpleSession is called right after readsession() > and tags the session as expired (due to timeout) and is followed by my > update method (above) which captures the isExpired() status (to be true). > However, the UnknownSessionException never takes me back to the login > page. > > Two questions: > 1. What is the easiest way to make sure user will go back to login page > upon > session expiration? > 2. Is there an easy config/code example I can use to simply disable the > auto-recreate session feature in shiro? > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Make-user-go-back-to-login-page-after-session-expiration-throwing-UnknownSessionException-ExpiredSes-tp5214768p5214768.html > Sent from the Shiro User mailing list archive at Nabble.com. >
