Hi Jared, yes, that's my conclusion -- at least in REST world -- that Shiro sessions are <em>great</em> benefit for Java systems (from Javadoc ;) and I do want to use them. And what you did intrigues my imagination, since in "my" solution, a lot of moving parts (Http Servlet container, etc) are triggered just for nothing, to achieve exactly what you did: to have session lifespan equal to the request's.
This is something Shiro should support IMO. +1 for seeing that piece of code :) Thanks, ~t~ On Thu, Feb 17, 2011 at 3:30 PM, Jared Bunting <[email protected]> wrote: > Tamás, > > I've encountered the same problem and approached it in a slightly > different way. Basically, I created my own implementation of > SessionManager and Session that are backed only by the > HttpServletRequest. Each session's lifecycle is tied to the request. > > I'd also be interested in criticism of this approach, or if anyone is > interested in seeing the code I'd be happy to share it. > > Thanks, > Jared > >
