Les, Thanks for the help. I voted for SHIRO-286. However, now I have a few more questions.
How would you keep the database up-to-date with current access times? Without a SessionListener.onAccess() method or something similar, the only time the database will get updated is when the user logs in, logs out, or their session times out. What about all of the time in-between? Some users can spend all day using the site, but never hit my 30 minute session timeout. Also, I'm concerned that code to update the database with the last accessed date is going to be scattered all over. It would be nice if it could all be done inside listener methods, but I don't see how that is possible for remember me cases: When logging in: * AuthenticationListener.onSuccess() * OR AuthorizingRealm.doGetAuthenticationInfo() When being remembered: * CookieRememberMeManager.getRememberedPrincipals() * OR ???Listener??? When logging out: * AuthenticationListener.onLogout() When session expiring: * SessionListener.onExpiration() * OR? SessionListener.onStop() When session is accessed by subject: * ??? If you were implementing this, where would you put the code to update the database and keep track of last accessed dates? Note that in reality, I don't need exact last accessed dates, but I need them with at least 30 minutes of accuracy. My UI displays this information from a hibernate query, so it is probably easiest to update the database regularly instead of combining the hibernate query results with shiro's session store information. It would get messy to go through the result set, check if each user has an active shiro session, and update the output to show that user's session.getLastAccessTime. Thanks, Tauren On Mon, Jun 6, 2011 at 2:54 PM, Les Hazlewood <[email protected]> wrote: > Hi Tauren, > >> How do I best go about finding and saving the last accessed date? Are >> all of the following statements accurate? >> >> * SessionListener.onStart() happens when a session starts, but it >> doesn't yet know WHO started that session. So it really doesn't help >> me. > > Correct - that just lets you know that a session has been started, but > a user isn't associated at that point. > >> * SessionListener.onStop() and onExpiration() could be used to save >> the last accessed time to the Member's table. > > Correct, this is probably the best approach since you can call > session.getLastAccessTime during one of those methods. This sounds > like the best approach. > >> * AuthenticationListener.onSuccess() could be used to save the time a >> user authenticates, but this doesn't help for rememberme logins. > > Correct - AuthenticationListeners are only triggered on > authentication. RememberMe isn't valid authentication. > >> * AuthenticationListener.onLogout() could be used to save the time a >> user logs out, but won't help for sessions that time out. > > Correct. > >> * Should there be a SessionListener.onUserAssociated() method? Les >> suggested I add a Jira for this, but that was long ago. Is there an >> alternative solution now, or does this still make sense to add? > > I think it might be better to represent this in the form of a > SubjectListener: https://issues.apache.org/jira/browse/SHIRO-286 > > Please vote for it if you'd like it implemented sooner rather than > later (While I can't speak for other Shiro devs, I personally pay > attention to the vote count as an indicator of community need). > > HTH, > > -- > Les Hazlewood > CTO, Katasoft | http://www.katasoft.com | 888.391.5282 > twitter: http://twitter.com/lhazlewood > katasoft blog: http://www.katasoft.com/blogs/lhazlewood > personal blog: http://leshazlewood.com >
