Hi Les, Not sure if my issue related to this https://issues.apache.org/jira/browse/SHIRO-240?
Perhaps, i should reopen SHIRO-240? -Dan On Wed, May 2, 2012 at 6:56 AM, Les Hazlewood <[email protected]> wrote: > On Mon, Apr 30, 2012 at 2:38 PM, Dan Tran <[email protected]> wrote: >> >> due to this config >> >> <bean id="securityManager" >> class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> >> [....] >> <property name="sessionManager.globalSessionTimeout" value="1800000" /> >> [....] >> </bean> > > The above config is only valid if you've configured Shiro to use a > 'native' session manager. By default, the DefaultWebSecurityManager > uses a Servlet Container-based session manager, which delegates all > session management behavior to the Servlet Container. > >> So I ended up to add this into my web.xml >> >> <session-config> >> <session-timeout>30</session-timeout> >> </session-config> >> >> I dont think this is working either ( i change the value to 1 and >> session is not timing out after 1 minute ) > > This appears to be correct. I can't speak as to why your servlet > container wouldn't be honoring a 1-minute timeout, but this would be > out of Shiro's control since you're using Servlet Container-based > session management. > > HTH, > > -- > Les Hazlewood > CTO, Stormpath | http://stormpath.com | 888.391.5282 > twitter: @lhazlewood | http://twitter.com/lhazlewood > blog: http://leshazlewood.com > stormpath blog: http://www.stormpath.com/blog
