One thought is that the session cookie, by default, is not set to persist beyond the browser closing. Not sure if that's what you're seeing, or if it would be an issue in PhoneGap, but it might be a bit of a gotcha.
I believe you can fix that with something like this: cookie=org.apache.shiro.web.servlet.SimpleCookie cookie.maxAge=288000 # i bumped this up to 80 hrs, just to be safe...the session will still expire at 72 sessionManager.cookie=$cookie Or I could be way off base. -Jared On Thu 07 Jun 2012 05:35:32 PM CDT, drmike01 wrote: > I just did an initial login and subsequent access, and it appears to be > finding that cookie. I'll have to try again in a little bit to see if, > after a period of time, I get a different response. The logs had the below: > > 2012-06-07 15:24:21,819 [http-bio-8080-exec-3] DEBUG > org.apache.shiro.session.mgt.DefaultSessionManager .create:175 - Creating > new EIS record for new session instance > [org.apache.shiro.session.mgt.SimpleSession,id=null] > 2012-06-07 15:24:21,820 [http-bio-8080-exec-3] DEBUG > org.apache.shiro.web.servlet.SimpleCookie .addCookieHeader:226 - Added > HttpServletResponse Cookie [JSESSIONID=6ca59e24-d8c8-497c-bcc4-3b2d02a9d121; > Path=/mhrx; HttpOnly] > ... some of my own debugging > 2012-06-07 15:25:29,167 [http-bio-8080-exec-5] DEBUG > org.apache.shiro.web.servlet.SimpleCookie .readValue:366 - Found > 'JSESSIONID' cookie value [6ca59e24-d8c8-497c-bcc4-3b2d02a9d121] > > I'm not sure it matters, but I do have my own Realm implementation, as well > as my own LoginFilter that extends AuthenticatingFilter. I don't recall > seeing anything in the superclasses that could screw this part up, though. > > I'll post back in a little bit with what happens with the expired attempt. > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Native-session-management-for-web-sessions-tp7577474p7577476.html > Sent from the Shiro User mailing list archive at Nabble.com.
