I think it is an uncommon use case. Most of the time, if I'm building to completely unrelated web applications, that users are required to have different sessions to log into, I will make it 2 webapps. I can think of a few ways to make this work.
1. What Jonathan originally suggested. Using a role to distinguish between the two. 2. Setting up two entirely different security managers. This would require a custom EnvironmentLoaderListener (to store the second SecurityManager in a different attribute in the ServletContext). It would also require a custom ShiroFilter to store retrieve the second SecurityManager from the servlet context. And then you would need to use native (as opposed to container-based) sessions, and use a custom version of DefaultWebSessionManager to set a different name for the session cookie. In general, shiro is not designed to run two completely separate security setups in the same web application. This was actually discussed as part of 1.2.0 and the EnvironmentLoaderListener. I suggest the roles. -Jared On Thu 03 May 2012 12:49:54 PM CDT, rama.casturi wrote: > If this is an uncommon use case, can anyone throw some light on how would I > be able to resolve/re-design this? I am constrained by having a single > webapp. Is there a workaround to this in Shiro? > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Sessions-from-different-filters-interfering-with-each-other-tp7451046p7524562.html > Sent from the Shiro User mailing list archive at Nabble.com.
