Hi, due to several reasons I need to store sessions in a clustered database-environemnt. Searching a little bit at the Shiro mailinglist-archive I found a little howto written by Les (17th Oct. 2010), so I followed this and now I have the following nonsatisfying scenario...
Shiro.ini (excerpt) --- securityManager = org.apache.shiro.web.mgt.DefaultWebSecurityManager sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager securityManager.sessionManager = $sessionManager securityManager.sessionMode = native sessionDAO = my.custom.SessionDAO securityManager.sessionManager.sessionDAO = $sessionDAO Logging (excerpt) --- DEBUG [main] my.custom.Realm: Construct custom realm... INFO [main] org.apache.shiro.web.mgt.DefaultWebSecurityManager: native mode - enabling DefaultWebSessionManager (HTTP + heterogeneous-client sessions) INFO [main] org.apache.shiro.realm.AuthorizingRealm: No cache or cacheManager properties have been set. Authorization cache cannot be obtained. INFO [qtp1668655-54] org.apache.shiro.session.mgt.AbstractValidatingSessionManager: Enabling session validation scheduler... DEBUG [qtp1668655-54] my.custom.SessionDAO: Trying to create session... DEBUG [qtp1668655-54] my.custom.SessionDAO: Session was created with id "8ef3393189f137e551d6b1899a002b32" DEBUG [qtp1668655-54] my.custom.SessionDAO: Trying to update session with id "null"... --- And there is the problem! It seems like Shiro wants to update the session after creation-process but provides NULL as session-id :-/ The session-id created is returned and logged as it is - as a String. Due to the fact, that String implements Serializable this shouldn't be a problem... I noticed, Shiro doesn't created a session-cookie at this point. Must I implement the cookie-mechanism by myself and when, at which point has this to be done? I would be happy about any hint to get this up and running! :-) Mit freundlichen Grüßen, Greets, Christian Scharr Dipl. Wirtschaftsinf. (BA) MESO-/InHouse-Entwicklung ---------- HSH Soft- und Hardware Vertriebs GmbH Rudolf-Diesel-Straße 2 16356 Ahrensfelde Tel. (Zentrale): +49 (0)30/94 004 0 Tel. (Hotline): +49 (0)30/94 004 444 Fax: +49 (0)30/94 004 400 eMail: [email protected] --- Amtsgericht Frankfurt (Oder): HRB 7352 FF Geschäftsführer: Stephan Hauber
