Hiya, Just to be clear here, Shiro's session management mechanism's aren't redirecting the user to login page. What is likely happening is that the old session is timed out, and a new one created to replace it. Then it's likely that authentication filter sees the current Subject is not authenticated (new session = !authenticated), and the authc filter redirects the request to the login page.
Are you using servlet container sessions or Shiro's native session management? I can't think of a good approach using servlet container sessions at the moment - perhaps you can inspect the httpSession.isNew() value and perform some custom logic based on that? -- Les Hazlewood | @lhazlewood CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282 On Mon, Apr 22, 2013 at 12:05 PM, dgv <[email protected]> wrote: > any idea? > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Specifying-a-custom-session-timeout-page-tp7578588p7578644.html > Sent from the Shiro User mailing list archive at Nabble.com. >
