Hi Ed, Apparently Shiro's ServletContainerSessionManager (that uses the Servlet container by default - not shiro's native sessions) does not honor the web.xml setting. It looks at Shiro's 'globalSessionTimeout' property instead. I consider this a bug for this particular implementation (the ServletContainerSessionManager should reflect the servlet container's settings IMO).
I've opened a Jira issue to reflect this: https://issues.apache.org/jira/browse/SHIRO-240 In the meantime, you can set shiro's 'globalSessionTimeout' property to get around the issue. For example: # 1 hour (all of Shiro's timeout values are in millis, unlike web.xml's minutes): securityManager.sessionManager.globalSessionTimeout = 3600000 HTH! -- Les Hazlewood Founder, Katasoft, Inc. Application Security Products & Professional Apache Shiro Support and Training: http://www.katasoft.com On Thu, Feb 3, 2011 at 11:37 AM, Ed Young <[email protected]> wrote: > Is there anything in the Grails Shiro (1.0 plugin) that might cause the > timeout at 30 minutes despite the web.xml configuration set to 60 mins? > > I thought I could extend the session timeout to 60 minutes simply by either > > adding this to web.xml in the deployed application > > <session-config> > <session-timeout>60</session-timeout> > </session-config> > > Or by adding the same descriptor above to the > > chimps/src/templates/war/web.xml > > in the application source. > > add this to web.xml in the deployed application > <session-config> > <session-timeout>60</session-timeout> > </session-config> > > > Or add it to the chimps/src/templates/war/web.xml in the application source. > I've done both, but the app is still timing out after only 30 minutes. > > The tomcat manager (Apache Tomcat/6.0.24) indicates: > expire sessions with ide >= 60 minutes.
