Hi,

I just noticed that PrincipalCollection is serializable (which is the object stored under the principals session key). I think the approach I will take is to persist the serializable objects and to just ignore (at least not persist) the non-serializable ones.

Does anyone know what approach ehcache takes to the attributes?

Cheers,

Stuart

On Thu, Aug 8, 2013 at 5:47 PM, Stuart Broad <[email protected]> wrote:

> Hi,
>
> I'm in the process of implementing a SessionDAO (subclassed from
> AbstractSessionDAO) to hook into our db. I am not sure how to handle the
> persisting of session attributes. Are these typically persisted? The main
> scenario I am looking into is as follows:
>
> (1) User logs in and a session is created via a call to a servlet.
>
> (2) User does some other operation and the session id is passed to another
> servlet.
>
> (3) This other servlet will then use the session id to build a user.
> -> new Subject.Builder().sessionId(s).buildSubject();
>
> It seems (3) is possible because of an attribute
> ("org.apache.shiro.subject.support.DefaultSubjectContext_PRINCIPALS_SESSION_KEY")
> stored on the session. So as far as I can tell, in order to build the user
> from the session id I would need to persist at least this attribute
> (although I think all of them should be persisted with the session). Since
> the session attributes are objects I am not sure what to do? I suppose I
> could hack it to store the user name but I feel this is the wrong approach.
>
> Cheers,
>
> Stuart
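
The approach described in this thread (persist the serializable attributes, skip the rest), sketched as an added example that is not from the thread or from Shiro itself. It assumes a plain `Map` standing in for the session's attributes and a hypothetical `SessionAttributeCodec` class; it also handles values that are `Serializable` by type but fail at write time, and reads rows back through an allow-list filter whose pattern here is an assumption to be replaced with the classes actually stored.

```java
import java.io.*;
import java.util.*;

// Added example: a plain Map stands in for the Shiro session's attributes.
public class SessionAttributeCodec {
    static final String KEY = "org.apache.shiro.subject.support.DefaultSubjectContext_PRINCIPALS_SESSION_KEY";

    // Serialize each attribute on its own so one failure does not lose the rest.
    static Map<String, byte[]> encode(Map<Object, Object> attributes) {
        Map<String, byte[]> rows = new LinkedHashMap<>();
        for (Map.Entry<Object, Object> e : attributes.entrySet()) {
            if (!(e.getKey() instanceof String) || !(e.getValue() instanceof Serializable)) {
                continue; // not persistable: skip
            }
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
                out.writeObject(e.getValue());
            } catch (IOException ex) {
                continue; // Serializable by type only, e.g. holds a non-serializable member
            }
            rows.put((String) e.getKey(), buf.toByteArray());
        }
        return rows;
    }

    // Deserialize through an allow-list so a tampered row cannot load arbitrary classes.
    static Map<Object, Object> decode(Map<String, byte[]> rows, ObjectInputFilter filter)
            throws IOException, ClassNotFoundException {
        Map<Object, Object> attributes = new HashMap<>();
        for (Map.Entry<String, byte[]> e : rows.entrySet()) {
            try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(e.getValue()))) {
                in.setObjectInputFilter(filter);
                attributes.put(e.getKey(), in.readObject());
            }
        }
        return attributes;
    }

    public static void main(String[] args) throws Exception {
        Map<Object, Object> attrs = new HashMap<>();          // constructed sample data
        attrs.put(KEY, new ArrayList<>(List.of("stuart")));   // stand-in for the PrincipalCollection
        attrs.put("socket", new Object());                    // not Serializable: skipped
        attrs.put("holder", new Object[] { new Object() });   // Serializable type, fails at write time
        Map<String, byte[]> rows = encode(attrs);
        // Assumed pattern; a real DAO would list the principal classes it stores.
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter("java.util.*;java.lang.*;!*");
        System.out.println(decode(rows, filter));
    }
}
```

`ObjectInputFilter` requires Java 9 or later. Only the principals entry survives the round trip; the other two attributes are dropped at encode time.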
