Just FYI. I found the unbindSubject() method under ThreadContext class. With the approach I laid out in the last message, things are now working as expected.
I basically unbind the thread when it's completed a task so that when it services the next request, the thread is cleaned and if there is no session ID in subsequent requests, the service simple throw UnauthenticatedException. Thanks, Jack -- View this message in context: http://shiro-user.582556.n2.nabble.com/Checking-Session-Timeout-tp6373753p6379729.html Sent from the Shiro User mailing list archive at Nabble.com.
