Am I correct that the only way to check for session timeout is to actually explicitly do something with the session object (i.e. call a method in Session class)? I thought that isAuthenticated() method returns false when user is either not authenticated or that the session has already timed out, but that doesn't seem to be the case. If I don't place a logic to explicitly check, my client still can do everything as if the session hasn't timed out.
Thanks, Jack -- View this message in context: http://shiro-user.582556.n2.nabble.com/Checking-Session-Timeout-tp6373753p6373753.html Sent from the Shiro User mailing list archive at Nabble.com.
