Hiya,

It's not recommended to use sessions in REST APIs if you can avoid it. They should ideally be stateless if possible, expecting the client to supply identity information on every request (e.g. HTTP Basic over TLS or OAuth, etc).
That being said, if you use the ShiroFilter in your Spring application, you don't have to worry about this at all - Shiro will create a session for you when the user logs in and set the JSESSIONID cookie. As long as the client sends back that JSESSIONID cookie value on every request, the current Subject will reflect the remote user correctly.

http://shiro.apache.org/spring.html#Spring-WebApplications

Once the ShiroFilter is configured to 'sit in front of' your other servlet filters, all you have to do is call subject.login or subject.getSession() and the cookie will be created for you. The client then needs to send back that cookie with all subsequent requests.

HTH,

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282

On Fri, Apr 26, 2013 at 8:40 AM, Eustas <[email protected]> wrote:

> I cannot find a complete example of how to use Shiro for session management.
> Can anyone help?
> I have to adjust the interaction between a REST client and a Spring application
> through Shiro.
> The REST client sends the request including login-password.
> Shiro gets this request and should create a session for this client.
> After that Shiro has to send back the session id to the client.
> The client sends the next request including the sessionid. Shiro has to find his
> session by this id.
> I found this tutor:
> http://shiro.apache.org/session-management.html
> I read this:
> Serializable sessionId = //get from the inbound request or remote method invocation payload
> Subject requestSubject = new Subject.Builder().sessionId(sessionId).buildSubject();
>
> But what is it - searching the session by given id? So how to create the first
> time session and generate an id for it?
> Is there a full example?
> Thanks.
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/How-generate-session-id-and-maintain-session-tp7578665.html
> Sent from the Shiro User mailing list archive at Nabble.com.
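The flow asked about in this thread, as an added example that is not part of the original messages or of the Shiro project: the first request logs in and Shiro generates the session id, and later requests rebuild the Subject from that id. It assumes a non-web `DefaultSecurityManager` with an in-memory `SimpleAccountRealm`; the class name `ShiroSessionIdDemo`, the helper methods and the account are constructed for illustration.

```java
import java.io.Serializable;

import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

public class ShiroSessionIdDemo {

    // First request: authenticate. Shiro creates the session and generates its id
    // as part of login; the caller returns that id to the client.
    static Serializable login(DefaultSecurityManager sm, String user, String pass) {
        Subject subject = new Subject.Builder(sm).buildSubject();
        // Throws an AuthenticationException subclass if the credentials are wrong.
        subject.login(new UsernamePasswordToken(user, pass));
        return subject.getSession().getId();
    }

    // Later requests: rebuild the Subject from the id the client sent back.
    // The caller must still check isAuthenticated() on the result instead of
    // assuming the id referred to a live, logged-in session.
    static Subject resume(DefaultSecurityManager sm, Serializable sessionId) {
        return new Subject.Builder(sm).sessionId(sessionId).buildSubject();
    }

    public static void main(String[] args) {
        // Constructed demo realm and account (assumption; a real application
        // would configure its own Realm).
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "constructed-password");
        DefaultSecurityManager sm = new DefaultSecurityManager(realm);

        Serializable sessionId = login(sm, "alice", "constructed-password");
        System.out.println("session id issued at login: " + sessionId);

        Subject next = resume(sm, sessionId);
        System.out.println("principal=" + next.getPrincipal()
                + " authenticated=" + next.isAuthenticated());

        // Logging out stops the session; the same id must no longer be honoured.
        next.logout();
        Subject stale = resume(sm, sessionId);
        System.out.println("after logout authenticated=" + stale.isAuthenticated());
    }
}
```

Behind the ShiroFilter described in the reply, this same id is what travels in the JSESSIONID cookie, so none of these calls except `subject.login` need to be written by hand.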
