Answers are inlined: On Tue, Jul 21, 2009 at 7:52 AM, gkaur <[email protected]> wrote:
> > Hi, > > I just recently started using Shiro and had a question, how is session > management implemented in Shiro, i.e how is session information remembered > between various servlets Shiro has two type of sessions management for web applications. - "shiro" : This is an implementation of session management by the shiro framework/library - "http" : This is an implementation which delegates the session management to the Servlet Container in which your application is running i.e. to the implementation of standard java HttpSession provided by your container/app server. Normally web applications use "http" mode. >> and if those servlets existed on different physical machines. This is normally out of scope of shiro as your application is free to choose various options for session sharing/duplication across cluster. I am not expert in this field but I guess application servers must be providing support to replicate the session information or you can use solutions like terracota. > > > Also does SSO concept currently exist in Shiro? I did read some posts > regarding federated sessions but the posts aren't clear as to if this > currently exist. It is my understanding that it is up to you to build SSO on top of Shiro. Hope this helps. > > > Thank you > -Gurpreet > -- > View this message in context: > http://n2.nabble.com/Session-and-SSO-tp3294375p3294375.html > Sent from the Shiro User mailing list archive at Nabble.com. >
