[
https://issues.apache.org/jira/browse/SHIRO-145?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Les Hazlewood resolved SHIRO-145.
---------------------------------
Resolution: Fixed
The DefaultSessionManager (used by default in native session mode) now defaults
to a MemorySessionDAO which does _not_ rely on caching (auto-expunging of
elements after TTL, etc). The MemorySessionDAO uses a ConcurrentMap for highly
concurrent environments as the Session object backing store. This makes it
impossible to lose sessions - you will instead see an OutOfMemoryException if
you have more sessions than your system can handle.
If you are worried you might cross this memory threshold, consider using an
enterprise caching product (TerraCotta, etc) to overflow sessions to disk or to
other machines. If you choose to do this, you will want to configure the
SecurityManager with an
org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO instance. For
example, in INI:
<snip>
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
securityManager.sessionManager.sessionDAO = $sessionDAO
cacheManager = my.enterprise.product.CacheManagerImplementation
securityManager.cacheManager = $cacheManager
</snip>
> Losing Session
> --------------
>
> Key: SHIRO-145
> URL: https://issues.apache.org/jira/browse/SHIRO-145
> Project: Shiro
> Issue Type: Bug
> Components: Session Management
> Affects Versions: 1.0.0
> Reporter: Peter Ladanyi
> Priority: Critical
> Fix For: 1.0.0
>
>
> I'm using shiro (rev. 916858).
> Shiro was configured to use native sessions.
> In Security manager was registerd the session listener to log session live
> cycle events.
> What i'm getting is occasional session loss,but the listener doesn't log any
> entry about that.
> I can't figure out what is happening.
> My configuration snippet looks:
> <bean id="securityManager"
> class="org.apache.shiro.web.DefaultWebSecurityManager">
> <constructor-arg ref="trustRealm"/>
> <!-- <property name="realm" ref="trustRealm"/>-->
> <property name="subjectFactory" ref="trustSubjectFactory"/>
> <property name="sessionMode" value="native"/>
> <property name="globalSessionTimeout"
> value="${shiro.session.timeout}"/>
> <property name="sessionListeners">
> <set>
> <bean
> class="sk.posam.trust.profile.privateimpl.util.TrustShiroSessionListener"/>
> </set>
> </property>
>
> <property name="cacheManager" >
> <bean class="org.apache.shiro.cache.HashtableCacheManager"/>
> </property>
>
> </bean>
> session time out was set to value=600000 which is ten minutes.
> So the expiration should not be a reason.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
