If you're using Shiro's default web config (and not 'native' sessions), then subject.getSession() will return you a proxy to the HttpSession.
That means anything you do to the Shiro Session instance will be reflected in the HttpSession - there should be no need to acquire the HttpSession directly.

Anyway, if you must get the actual instance, you can do this:

    ServletRequest request = ((WebSubject)subject).getServletRequest();
    HttpSession backingSession = ((HttpServletRequest)request).getSession(false);

Just a note of warning though: do NOT do this if you're using Shiro's native sessions - it will create another (servlet container) session in addition to the native one Shiro already created - a waste of resources as well as causing a disjunction in session state.

Cheers,

Les

On Thu, Mar 31, 2011 at 11:39 AM, arahmankhalil <[email protected]> wrote:
> Hi,
>
> I have a servlets based web application. I want the shiro to return
> HttpSession by in the following way:
>
> Subject currentUser = SecurityUtils.getSubject();
> HttpSession session = (HttpSession)currentUser.getSession(false)
>
> What configuration should I need to provide and where?
>
> Thanks
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/How-can-I-access-the-HttpSession-in-Shiro-1-1-0-tp6228253p6228253.html
> Sent from the Shiro User mailing list archive at Nabble.com.
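A guarded form of the lookup from the reply above, as an added example that is not part of the original thread or of Shiro's own code. The class name BackingHttpSession is hypothetical, and the isHttpSessionMode() check assumes Shiro 1.2 or later, where WebSecurityManager exposes it.

```java
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.mgt.WebSecurityManager;
import org.apache.shiro.web.subject.WebSubject;

/** Hypothetical helper: resolves the servlet container session behind a Shiro Subject. */
public final class BackingHttpSession {

    private BackingHttpSession() {
    }

    /**
     * Returns the container HttpSession that backs the subject's Shiro session,
     * or null when there is none to return. Callers that get null should keep
     * using subject.getSession(), which already proxies the HttpSession in the
     * default web configuration.
     */
    public static HttpSession of(Subject subject) {
        SecurityManager securityManager = SecurityUtils.getSecurityManager();

        // With native sessions the session state lives in Shiro, not in the
        // servlet container, so do not touch the container session at all.
        if (!(securityManager instanceof WebSecurityManager)
                || !((WebSecurityManager) securityManager).isHttpSessionMode()) {
            return null;
        }

        // Only a web subject carries the request that owns the HttpSession.
        if (!(subject instanceof WebSubject)) {
            return null;
        }
        ServletRequest request = ((WebSubject) subject).getServletRequest();
        if (!(request instanceof HttpServletRequest)) {
            return null;
        }

        // getSession(false) returns the existing session, never a new one.
        return ((HttpServletRequest) request).getSession(false);
    }
}
```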
