Hi Jelle, Look at this test class for a usage scenario:
http://svn.apache.org/repos/asf/incubator/jsecurity/trunk/core/test/org/jsecurity/mgt/DefaultSecurityManagerTest.java Specifically the "autoCreateSessionAfterInvalidation" test case. A note of clarification too: Application Developers should be using the Subject/Session API (as shown in the above test case) instead of interacting with the SecurityManager directly. Framework Developers on the other hand, focusing on framework/integration code, might find working with the SecurityManager directly useful, but it rarely needs to be accessed by Application Developers. Does the above test code help? It basically asserts that a Session will be transparently re-created automatically without throwing an Exception to the application developer. This is verified by the fact that session.getId() returns a different ID than the one that was first acquired before the session timed out. Were you looking for something else? This behavior is essentially what happens in servlet environments, which is why I've carried over the same behavior in a non-servlet environment - principal of 'least surprise' for application developers that are comfortable with that behavior. Please let us know if there would be some behavior that makes more sense to you if the current behavior does not. Regards, Les On Mon, Jan 26, 2009 at 11:52 AM, jvreeker <[email protected]> wrote: > > Hi les, > > I am a little bit confused. I am using the 1.0 version. > But A user logs in and the for a while he doesn't do anything. So session > is > expired. > No he Logs in again so the Subject is still available only session is > expired. how can I check if the session is invalid. > > Problem is that I Get an ReplaceSessionException somewhere in the server > when I check if the SessionID is valid. But I need to know this when a user > logs in again. So I can send the right session ID back. > > Thanks, > > Jelle > -- > View this message in context: > http://n2.nabble.com/Session-Expiration-tp2186574p2219071.html > Sent from the JSecurity User mailing list archive at Nabble.com. > >
