The SessionManager currently has no knowledge of caching - it is the SessionDAO that would use caching.
This means that when session caching is enabled, you won't see reduced SessionDAO access, but you will see reduced data store access (your SessionDAO will access the cache, and if the session is present, return it, otherwise it will hit the data store to do a lookup). SessionDAO caching is provided out of the box if you configure a SessionDAO implementation that extends CachingSessionDAO. If you are using an 'enterprisey' cache (that can guarantee data durability) to be your actual session data store, this usually amounts to just configuring an EnterpriseCacheSessionDAO: cacheManager = com.my.enterprisey.CacheManager sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO securityManager.sessionManager.sessionDAO = $sessionDAO securityManager.cacheManager = $cacheManager NOTE: Using the MemoryConstrainedCacheManager is _not_ a good CacheManager to use to store Sessions: it auto-sizes itself based on the application's available memory. This means you could lose sessions if the JVM does a GC. You only want to use EnterpriseCacheSessionDAO if your cache is more 'enterprisey' and won't expunge session data (i.e. it will page session data to disk if cache memory becomes full). If you do want to use the MemoryConstrainedCacheManager as your caching mechanism, this is ok as long as you subclass CachingSessionDAO and communicate with a durable data store of your choice. HTH! -- Les Hazlewood | @lhazlewood CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282 On Thu, Aug 22, 2013 at 9:55 AM, Stuart Broad <[email protected]> wrote: > Hi all, > > Using my own realm (subclass of AuthenticatingRealm) I have been able to > get caching working in terms of calls to doGetAuthorizationInfo and > doGetAuthenticationInfo. However I cannot seem to get caching working for > the session manager (The number of calls to SessionDAO do not get any less > after I have 'added' in caching). > > Here is my simplified ini file: > > myRealm = MyAuthenticatingRealm > > myRealm.authenticationCachingEnabled = true > > > sessionDAO = MySessionDAO > > cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager > > securityManager.cacheManager = $cacheManager > > securityManager.sessionManager.cacheManager = $cacheManager //tried with > and without this > > securityManager.sessionManager.sessionDAO = $sessionDAO > > Any pointers would be much appreciated. I suppose I could implement > caching in the session dao itself but I thought this was provided by the > out of the box session manager (with a cache plugged in). > > Cheers, > > Stuart >
