Hi Erik, I had similar problems though I can't remember the exact detail when I wanted to use the shiro web session and related cookie. Order matters in the shiro.ini [1] . In that post [1], there are further references to documentation.
Regards, David. [1] http://stackoverflow.com/questions/17556787/shiro-resets-the-session-after-2-min On Friday, 4 July 2014 7:59 PM, Dan Haywood <[email protected]> wrote: Thanks for exploring this further, Erik. I've just pinged Martin Grigorov, one of the Wicket committers, and who is good enough to keep a watching eye over other Apache projects (such as ours) that use Wicket. I'm hoping he might be able to bring in a little illumination into this topic. Dan On 4 July 2014 08:03, Erik de Hair <[email protected]> wrote: > It looks like the session cookie is set by wicket. There's a class > "org.apache.wicket.util.cookies.CookieDefaults" that sets the expiration > maxAge to 30 days. I found no way to configure this (or tell wicket to use > my modified implementation) so I copied the class into the webapp and set > the maxAge to the required value (and that does the trick for now). > > I'll try to figure out: > - if it is possible to set the maxAge in Wicket runtime or by configuration > - if Shiro is or can be involved in setting the cookie like in Dan's > example [1] > > Erik > ________________________________________ > From: Dan Haywood [[email protected]] > Sent: Thursday, July 03, 2014 11:52 AM > To: users > Subject: Re: configure session timeout > > Haven't played around with this myself, so can't advise. > > The Shiro mailing list might be a good place to ask. A quick google on > StackOverflow also threw up [1], which might help > > Dan > > [1] > > http://stackoverflow.com/questions/17556787/shiro-resets-the-session-after-2-min > > > > > On 2 July 2014 11:29, Erik de Hair <[email protected]> wrote: > > > Hi, > > > > How to configure the session timeout of the web app? I tried to set the > > session time out in web.xml and in shiro.ini but both have no effect. The > > cookie expires in a month... > > > > My additional shiro-config (tried to let it expire in 1 minute): > > > > [main] > > ... > > sessionManager = > org.apache.shiro.web.session.mgt.DefaultWebSessionManager > > # 3,600,000 milliseconds = 1 hour > > sessionManager.globalSessionTimeout = 60000 > > securityManager.sessionManager = $sessionManager > > > > > > Thanks, > > Erik > > >
