How about storing a map with Map<username + host + whatever identifying the requester application, session id>
so that you can get it back? Another way is to implement your own SessionKey so that it is derived from username so that you can recreate it. The key is that you must also be able to uniquely identify the calling application so that requests from client 1 and client 2 with the same username are not the same. Jack -- View this message in context: http://shiro-user.582556.n2.nabble.com/retrieve-session-based-on-principal-tp6464083p6464395.html Sent from the Shiro User mailing list archive at Nabble.com.
