Hi Dan, In Shiro 1.2+:
- If using the servlet container's session management (Shiro uses this by default), you control session timeout as expected in web.xml. Because you are using a session management mechanism outside of Shiro's control (the web container's), you must configure it via the web container (web.xml), not in shiro.ini for example. - If using Shiro's native session management, then you can configure the timeout value in Shiro's config: securityManager.sessionManager.globalSessionTimeout = 1800000 HTH, -- Les Hazlewood CTO, Stormpath | http://stormpath.com | 888.391.5282 twitter: @lhazlewood | http://twitter.com/lhazlewood blog: http://leshazlewood.com stormpath blog: http://www.stormpath.com/blog On Sat, Apr 28, 2012 at 11:39 PM, Dan Tran <[email protected]> wrote: > Hi > > Shiro 1.2's DefaultWebSecurityManager no longer give access to > sessionManager and there the documented > 'securityManager.sessionManager.globalSessionTimeout = 1800000' [1] no > longer working. > > is there an alternative way to get this feature back? > > Thanks > > -D > > [1] http://shiro.apache.org/configuration.html
