On 08/02/12 17:32, Les Hazlewood wrote:
Another approach for a sessions specifically is to turn off Shiro's session validation entirely and let the Cache implementation's TTL setting be the session timeout. That is, if you set the TTL to, say, 30 minutes, then the Cache eviction mechanism _is_ the session cleanup mechanism. This might be more efficient than running a validation job every N minutes, especially if you have a cluster of web application instances (i.e. does each web app instance perform validation for the entire cluster? do they all do it?).
This certainly seems a sensible approach. So how do I turn off Shiro session validation?
John
