I think the desired behaviour suggested in the initial bug is what I would vote for:
https://issues.apache.org/jira/browse/SHIRO-60 In Non-web environment: - SecurityManager would automatically creates new Session for a subject if their existing session expires - Configurable attribute e.g. 'createNewSessionAfterExpiration' (enabled by default) The only enhancement I can think of is that the logic that does the "automatic creation of new Session" would be nice if this was accessible too.. So if you wanted you could unconfigure the attribute above and catch InvalidSessionException then invoke the code manually. As you have mentioned in my http://shiro-user.582556.n2.nabble.com/Standalone-Session-Timeout-td5007851.html#a5007851 original post "....This is kind of nasty stuff...." -- View this message in context: http://shiro-user.582556.n2.nabble.com/How-do-you-want-session-auto-re-creation-after-expiration-to-work-tp5010054p5059172.html Sent from the Shiro User mailing list archive at Nabble.com.
