Hi Michael,
An isExpired() method has not existed for a while now on purpose: I
believe that people would start to program like this everywhere in
code, for fear of being 'safe':
if (!session.isExpired()) {
session.whatever(...)
}
That feels like it would be cumbersome to even use sessions.
Instead, the framework is configured to automatically ignore an
InvalidSessionException when a Subject instance is created in response
to a request (in a web app, Subject instances are short lived and
created at the start of the request, and cleaned up at the end of the
request). This way, Shiro users never need to check an 'isExpired'
method because it will never be expired - it will be present if it is
not expired or null if it is expired (in which case a call to
getSession() will create a new session).
Are you seeing this problem in a non-request environment (non-web or
non-remoting)?
Best,
--
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com
