ServletContainerSessionManager does not honor web.xml's session timeout value
-----------------------------------------------------------------------------

                 Key: SHIRO-240
                 URL: https://issues.apache.org/jira/browse/SHIRO-240
             Project: Shiro
          Issue Type: Bug
          Components: Web
    Affects Versions: 1.1.0, 1.0.0
            Reporter: Les Hazlewood
             Fix For: 1.2.0


Instead of just calling request.getSession(), the implementation looks at the 
parent class's 'globalSessionTimeout' value and explicitly sets the session 
timeout to be that value.

However, when the ServletContainerSessionManager is configured, it is expected 
to defer to the servlet container for all session-related configuration.  The 
current implementation should not be overriding the session timeout value.

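The behaviour reported above, as an added example that is not part of the original message and is not Shiro's code: a stand-in ContainerSession class models only the container's session timeout, and the method names, the 5 minute web.xml value and the 30 minute manager value are constructed assumptions. It shows the operator's web.xml idle timeout being replaced by the manager's own value, and a check that flags the mismatch.

```java
import java.util.concurrent.TimeUnit;

public class SessionTimeoutOverrideDemo {

    /** Hypothetical stand-in for the container's HttpSession; only the timeout is modelled. */
    static final class ContainerSession {
        private int maxInactiveIntervalSeconds;

        ContainerSession(int webXmlTimeoutMinutes) {
            // The container applies web.xml's <session-timeout>, which is given in minutes.
            this.maxInactiveIntervalSeconds = (int) TimeUnit.MINUTES.toSeconds(webXmlTimeoutMinutes);
        }
        int getMaxInactiveInterval() { return maxInactiveIntervalSeconds; }
        void setMaxInactiveInterval(int seconds) { this.maxInactiveIntervalSeconds = seconds; }
    }

    /** Behaviour described in the report: the manager's own timeout replaces the container's.
     *  Assumption: the manager's value is held in milliseconds. */
    static ContainerSession createSessionOverriding(ContainerSession fromContainer,
                                                    long globalSessionTimeoutMillis) {
        fromContainer.setMaxInactiveInterval(
                (int) TimeUnit.MILLISECONDS.toSeconds(globalSessionTimeoutMillis));
        return fromContainer;
    }

    /** Expected behaviour: hand back the container's session with its timeout untouched. */
    static ContainerSession createSessionDeferring(ContainerSession fromContainer) {
        return fromContainer;
    }

    /** Deployment check: the effective timeout must equal what web.xml configured. */
    static boolean honorsWebXml(ContainerSession s, int webXmlTimeoutMinutes) {
        return s.getMaxInactiveInterval() == TimeUnit.MINUTES.toSeconds(webXmlTimeoutMinutes);
    }

    public static void main(String[] args) {
        int webXmlMinutes = 5;                              // constructed: operator's idle timeout
        long globalMillis = TimeUnit.MINUTES.toMillis(30);  // constructed: manager's own setting

        ContainerSession overridden =
                createSessionOverriding(new ContainerSession(webXmlMinutes), globalMillis);
        ContainerSession deferred = createSessionDeferring(new ContainerSession(webXmlMinutes));

        System.out.println("overriding: " + overridden.getMaxInactiveInterval()
                + "s, honors web.xml: " + honorsWebXml(overridden, webXmlMinutes));
        System.out.println("deferring:  " + deferred.getMaxInactiveInterval()
                + "s, honors web.xml: " + honorsWebXml(deferred, webXmlMinutes));
    }
}
```

In a real deployment the same comparison can be made by reading getMaxInactiveInterval() on a freshly created HttpSession and comparing it with the session-timeout value in web.xml.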