Hi JJ, You could store the session id in a cookie but if that still does not work for you may need to create your own custom realm. e.g.
(1) User creates an account (2) User confirms the account (3) User accesses application - At this point you create some custom token (e.g. containing username and maybe something else like ip address) (4) Your custom realm accepts this token and checks the db to see if the this is the first time logging in. If the first time then log in succeeds. The above does not feel very secure though.. Oh just thought I should mention apache shiro does come with a 'remember me' option that might help (the user would be remembered but not authenticated). But again for this you might need a session id (not sure). Cheers, Stu p.s. I'm not an expert on this (just started using it myself) On Wed, Aug 21, 2013 at 1:21 PM, crnobog <[email protected]> wrote: > This is a nice idea but it won't work for me as the user has two days to > confirm his acc. Who knows what all could happen in this time. > > Any other ideas? > > best regards. > > JJ > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Programmatic-login-tp7579055p7579057.html > Sent from the Shiro User mailing list archive at Nabble.com. >
