Standalone environment - automatically create new session after expiration
--------------------------------------------------------------------------
Key: JSEC-46
URL: https://issues.apache.org/jira/browse/JSEC-46
Project: JSecurity
Issue Type: Improvement
Components: Session Management
Affects Versions: 1.0
Reporter: Les Hazlewood
Assignee: Les Hazlewood
Fix For: 1.0
Per this thread: http://markmail.org/thread/4tl42fnjdaztpbso
In a non-web environment, it would be nice if the SecurityManager would
automatically/transparently create a new Session for a subject if their
existing session expires. The web environment already works this way.
It would probably be best if there were a securityManager configuration
attribute, say 'createNewSessionAfterExpiration' (or something similar) that
would enable this feature.
I'm thinking it should be enabled by default, as I assume the large majority of
application developers wouldn't want to catch InvalidSessionException in their
code. It could be disabled by using the aforementioned config attribute.
The DefaultWebSecurityManager could just piggyback the same logic, simplifying
its code (and its internal delegate WebSessionManager).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
