Hi Al, I would think you still need sessions (even if they never expire...or at last a long time!). Sounds more like your problem is building a subject with some information from a cookie (in most cases this cooke information would essentially be the session id).
I think what you need is: 1) Subject requestSubject = new Subject.Builder().sessionId(sessionId).buildSubject(); -or- 2) Subject requestSubject = new Subject.Builder(aSessionManager).sessionId(sessionId).buildSubject(); Cheers, Stuart On Tue, Sep 10, 2013 at 7:29 PM, ajoslin103 <[email protected]> wrote: > Hi There, > > We are trying to implement SSO across multiple WARs across multiple > servers > > Shiro is a perfect fit for us as we have to support multiple > authentication-only realms and a single authorization scheme > > We would like to do this with cookies only > > What is the best way to serialize & reconstitute a Shiro subject in > support of this ? > > Thanks! > > Al; > > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Can-I-do-Shiro-without-Sessions-tp7579120.html > Sent from the Shiro User mailing list archive at Nabble.com. >
