Session expiration when using stateless application

Tue, 01 Nov 2011 14:26:08 -0700 

Hi, 
We're just getting started with Shiro and want to use it in sessionless
mode.  In our shiro.ini we set: 
securityManager.subjectDAO.sessionStorageEvaluator.sessionStorageEnabled =
false 

We're getting an ExpiredSessionException after 30 minutes.  This seems weird
to me since we want sessions turned off to run in sessionless mode. 

We're logging the user in with every request since we're sessionless.  Is
this the wrong thing to be doing? 
    SecurityUtils.getSubject(); 
    UsernamePasswordToken token = new UsernamePasswordToken(user, pass); 
    try { 
      currentUser.login(token); 
    } ... 

The stacktrace we're getting is below.  We're using
org.apache.shiro:shiro-core:1.2.0-SNAPSHOT from the snapshot Maven
repository. 

org.apache.shiro.session.ExpiredSessionException: Session with id
[2840cc08-d5d0-4e84-80c0-3249242b8a3d] has expired. Last access time:
11/1/11 12:01 PM. Current time: 11/1/11 12:53 PM. Session timeout is set to
1800 seconds (30 minutes) 
   
org.apache.shiro.session.mgt.SimpleSession.validate(SimpleSession.java:292) 
   
org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doValidate(AbstractValidatingSessionManager.java:180)
 
   
org.apache.shiro.session.mgt.AbstractValidatingSessionManager.validate(AbstractValidatingSessionManager.java:143)
 
   
org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:120)
 
   
org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:105)
 
   
org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupRequiredSession(AbstractNativeSessionManager.java:109)
 
   
org.apache.shiro.session.mgt.AbstractNativeSessionManager.removeAttribute(AbstractNativeSessionManager.java:220)
 
   
org.apache.shiro.session.mgt.DelegatingSession.removeAttribute(DelegatingSession.java:159)
 
   
org.apache.shiro.session.ProxiedSession.removeAttribute(ProxiedSession.java:135)
 
   
org.apache.shiro.session.ProxiedSession.removeAttribute(ProxiedSession.java:135)
 
   
org.apache.shiro.subject.support.DelegatingSubject.clearRunAsIdentities(DelegatingSubject.java:456)
 
   
org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:258)
 

Thanks for the help, 
Ben

--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/Session-expiration-when-using-stateless-application-tp6953312p6953312.html
Sent from the Shiro User mailing list archive at Nabble.com.

Reply via email to