I'm developing a non-webapp service that requires session support. Users authenticate by providing a username and password, and their session must persist for 12 hours. There is no way to enforce a session id from the client when the client returns to the system - instead I need to look up the session by principal (username). I had a custom session solution in place that allowed this search, and I'm in the process of replacing it with Shiro. So far I've configured a DefaultSessionManager using an EhCacheManager as the backing store. How do you suggest I accomplish this? Is it sufficient to create a custom SessionDAO implementation that keys on username instead of a generated session id? Ideally both would be available.
Thank you,
Ryan
