If i remember correctly, public services like google usually offer the ability to avoid the login process for 2 weeks. This way, even with the tab closed, browser or even OS restart, the user can still access the web page as the subject without having to re-login.
The question here is : - To implement this in Apache Shiro, it's just about the session timeout isnt it, something like globalSessionTimeout ? This way the session is stored and kept alive for 2 weeks before timeout-ing by itself out of inactivities. - This is --not-- the same as the "Remember Me" feature of Shiro where the authenticated and remembered are differentiated, correct ? -- Do not pursue the past. Do not lose yourself in the future. The past no longer is. The future has not yet come. Looking deeply at life as it is in the very here and now, the practitioner dwells in stability and freedom. (Thich Nhat Hanh)
