I think the answer is no, but is there a configurable way to set Sessions so that they expire after a fixed amount of time regardless of ongoing use? My app has a relatively long session time so as to not annoy people with logins during regular use, but a heavy user would likely never have to log in again, so I'm trying to get the best of both worlds (longer keep-alive, but forced re-authentication). I think this is similar to what gmail does.
If not, what is the best way to do it? It seems that I could set up some kind of session validation class to handle it, but it may just be simpler to do it somewhere during the Session verification process. Any suggestions on this? Thanks in advance, Mike -- View this message in context: http://shiro-user.582556.n2.nabble.com/Mandatory-session-expiration-setting-tp7577568.html Sent from the Shiro User mailing list archive at Nabble.com.
