Hi,
I'm in the process of implementing a SessionDAO (subclassed from
AbstractSessionDAO) to hook into our db. I am not sure how to handle the
persisting of session attributes. Are these typically persisted? The main
scenario I am looking into is as follows:
(1) User logs in and a session is created via a call to a servlet.
(2) User does some other operation and the session id is passed to another
servlet.
(3) This other servlet will then user the session id to build a user.
-> new Subject.Builder().sessionId(s).buildSubject();
It seems (3) is possible because of an attribute
("org.apache.shiro.subject.support.DefaultSubjectContext_PRINCIPALS_SESSION_KEY")
stored on the session. So as far as I can tell, in order to build the user
from the session id I would need to persist at least this attribute
(although I think all of them should be persisted with the session). Since
the session attributes are objects I am not sure what to do? I suppose I
could hack it to store the user name but I feel this is the wrong approach.
Cheers,
Stuart
