ServletContainerSessionManager does not honor web.xml's session timeout value -----------------------------------------------------------------------------
Key: SHIRO-240 URL: https://issues.apache.org/jira/browse/SHIRO-240 Project: Shiro Issue Type: Bug Components: Web Affects Versions: 1.1.0, 1.0.0 Reporter: Les Hazlewood Fix For: 1.2.0 Instead of just calling request.getSession(), the implementation looks at the parent class's 'globalSessionTimeout' value and explicitly sets the session timeout to be that value. However, when the ServletContainerSessionManager is configured, it is expected to defer to the servlet container for all session-related configuration. The current implementation should not be overriding the session timeout value. -- This message is automatically generated by JIRA. - For more information on JIRA, see: http://www.atlassian.com/software/jira