Hi, Are you logging out after each request ?
If not I would expect the session to lie around and eventually expire, which might be the message you are seeing. On looking around I notice that AbstractValidatingSessionManager has a public void setSessionValidationSchedulerEnabled(boolean sessionValidationSchedulerEnabled) method. If you want to disable session validation, try setting this property to false Manoj On Tue, Nov 1, 2011 at 2:25 PM, chengas123 <[email protected]> wrote: > Hi, > We're just getting started with Shiro and want to use it in sessionless > mode. In our shiro.ini we set: > securityManager.subjectDAO.sessionStorageEvaluator.sessionStorageEnabled = > false > > We're getting an ExpiredSessionException after 30 minutes. This seems weird > to me since we want sessions turned off to run in sessionless mode. > > We're logging the user in with every request since we're sessionless. Is > this the wrong thing to be doing? > SecurityUtils.getSubject(); > UsernamePasswordToken token = new UsernamePasswordToken(user, pass); > try { > currentUser.login(token); > } ... > > The stacktrace we're getting is below. We're using > org.apache.shiro:shiro-core:1.2.0-SNAPSHOT from the snapshot Maven > repository. > > org.apache.shiro.session.ExpiredSessionException: Session with id > [2840cc08-d5d0-4e84-80c0-3249242b8a3d] has expired. Last access time: > 11/1/11 12:01 PM. Current time: 11/1/11 12:53 PM. Session timeout is set to > 1800 seconds (30 minutes) > > org.apache.shiro.session.mgt.SimpleSession.validate(SimpleSession.java:292) > > org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doValidate(AbstractValidatingSessionManager.java:180) > > org.apache.shiro.session.mgt.AbstractValidatingSessionManager.validate(AbstractValidatingSessionManager.java:143) > > org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:120) > > org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:105) > > org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupRequiredSession(AbstractNativeSessionManager.java:109) > > org.apache.shiro.session.mgt.AbstractNativeSessionManager.removeAttribute(AbstractNativeSessionManager.java:220) > > org.apache.shiro.session.mgt.DelegatingSession.removeAttribute(DelegatingSession.java:159) > > org.apache.shiro.session.ProxiedSession.removeAttribute(ProxiedSession.java:135) > > org.apache.shiro.session.ProxiedSession.removeAttribute(ProxiedSession.java:135) > > org.apache.shiro.subject.support.DelegatingSubject.clearRunAsIdentities(DelegatingSubject.java:456) > > org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:258) > > Thanks for the help, > Ben > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Session-expiration-when-using-stateless-application-tp6953312p6953312.html > Sent from the Shiro User mailing list archive at Nabble.com. > -- http://khangaonkar.blogspot.com/
