Hi, In case anyone else is interested in this issue - SimpleSession is also serializable so I will probably serialize that to the db. I found some posts indicating that ehcache does something similar (and may have a problem if the attributes are not serializable).
Cheers, Stuart On Thu, Aug 8, 2013 at 10:00 PM, Stuart Broad <[email protected]> wrote: > Hi, > > I just noticed that PrincipalCollection is serializable (which is the > object stored under the principals session key). I think the approach I > will take is to persist the serializable objects and to just ignore (at > least not persist) the non-serializable ones. > > Does anyway know what approach ehcache takes to the attributes? > > Cheers, > > Stuart > > > On Thu, Aug 8, 2013 at 5:47 PM, Stuart Broad <[email protected]> wrote: > >> Hi, >> >> I'm in the process of implementing a SessionDAO (subclassed from >> AbstractSessionDAO) to hook into our db. I am not sure how to handle the >> persisting of session attributes. Are these typically persisted? The main >> scenario I am looking into is as follows: >> >> (1) User logs in and a session is created via a call to a servlet. >> >> (2) User does some other operation and the session id is passed to >> another servlet. >> >> (3) This other servlet will then user the session id to build a user. >> -> new Subject.Builder().sessionId(s).buildSubject(); >> >> It seems (3) is possible because of an attribute >> ("org.apache.shiro.subject.support.DefaultSubjectContext_PRINCIPALS_SESSION_KEY") >> stored on the session. So as far as I can tell, in order to build the user >> from the session id I would need to persist at least this attribute >> (although I think all of them should be persisted with the session). Since >> the session attributes are objects I am not sure what to do? I suppose I >> could hack it to store the user name but I feel this is the wrong approach. >> >> Cheers, >> >> Stuart >> > >
