Hi, I have a Spring3 MVC application with Shiro handling the user auth and native session management. Session timeout is set to 1hr, but after 2 minutes of inactivity the user is forced back to the Shiro/login page. I dropped in a SessionListener and I'm seeing a new session being created, but no sessions being expired.
I'm using: Spring-3.01 Shiro-core/web/ehcache 1.1.0 Any ideas what I'm missing or doing wrong? Below is log output and my Spring configuration. 2011-09-23 23:07:46 MySessionListener [INFO] Session has STARTED 6064467f-64b7-4bfd-b11c-6283dd36305e ... 2011-09-23 23:07:49 AbstractBaseController [INFO] Session id 6064467f-64b7-4bfd-b11c-6283dd36305e 2011-09-23 23:07:49 AbstractBaseController [INFO] currentPrincipal:[email protected] ... 2011-09-23 23:09:53 MySessionListener [INFO] Session has STARTED da5250cd-d3b1-4472-94d1-ae557eddd9e2 REDIRECT TO LOGIN PAGE AGAIN 2011-09-23 23:09:58 AbstractBaseController [INFO] currentPrincipal:[email protected] <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/> <property name="loginUrl" value="/login.jsp"/> <property name="filterChainDefinitions"> <value> /login.jsp = authc /admin/** = authc </value> </property> </bean> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="siteRealm"/> <property name="sessionMode" value="native"/> <property name="sessionManager" ref="sessionManager"/> <property name="cacheManager" ref="cacheManager"/> <property name="sessionManager.sessionListeners"> <list> <bean id="mylistener" class="com.parker.smsite.security.MySessionListener"/> </list> </property> </bean> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManager" ref="ehCacheManager"/> </bean> <bean id="ehCacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/> <bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"/> <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager"> <property name="globalSessionTimeout" value="3600000"/> <property name="sessionDAO" ref="sessionDAO"/> </bean> <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.Sha256CredentialsMatcher"> <property name="storedCredentialsHexEncoded" value="false"/> <property name="hashIterations" value="1024"/> </bean> <bean id="siteRealm" class="com.parker.smsite.security.SiteRealm"> <property name="credentialsMatcher" ref="credentialsMatcher"/> </bean> -- View this message in context: http://shiro-user.582556.n2.nabble.com/New-session-created-after-2-minutes-of-inactivity-tp6826476p6826476.html Sent from the Shiro User mailing list archive at Nabble.com.
