Any reason why you don't just use shiro-web? Either way, take a look at that module to see the related usage: https://github.com/apache/shiro/blob/trunk/web/src/main/java/org/apache/shiro/web
On Sat, May 3, 2014 at 3:16 PM, Matt Mitchell <[email protected]> wrote:

> Hi,
>
> I have Shiro set up in a web app (not using shiro.web). Upon successful
> login, a cookie is created. The value of the cookie is the same ID from
> subject.getSession().getId() method. On the next request, I simply look for
> this cookie and extract the value/decrypt and then do this:
>
> create a new DefaultSubjectContext instance
> set the sessionId via setSessionId($value-from-cookie-here)
> call createSubject(subjectContext) on the security manager
> then call ThreadContext.bind(newSubject)
>
> It all works, but is this the recommended way to bind a session based
> user? Also, should I be unbinding at the end of the request before sending
> the response?
>
> Just looking for feedback.
>
> - Matt
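
The per-request flow described in the quoted message, written with Shiro's `Subject.Builder` and `SubjectThreadState`, as an added example that is not code from this thread or from the Shiro project. The class name `SessionBoundRequest` and its `handle` method are hypothetical, and the session ID is assumed to have already been extracted from the cookie and decrypted by the caller.

```java
import java.io.Serializable;
import java.util.concurrent.Callable;

import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.support.SubjectThreadState;
import org.apache.shiro.util.ThreadState;

/** Hypothetical helper: runs one request's work with a session-backed Subject bound. */
public final class SessionBoundRequest {

    private final SecurityManager securityManager;

    public SessionBoundRequest(SecurityManager securityManager) {
        this.securityManager = securityManager;
    }

    /**
     * @param sessionId value recovered from the cookie (assumed already decrypted)
     * @param work      the request handler; inside it SecurityUtils.getSubject()
     *                  returns the Subject built here
     */
    public <T> T handle(Serializable sessionId, Callable<T> work) throws Exception {
        // Builds a Subject tied to the existing session, without touching
        // the calling thread's state.
        Subject subject = new Subject.Builder(securityManager)
                .sessionId(sessionId)
                .buildSubject();

        // Binds both the Subject and the SecurityManager to the current thread.
        ThreadState threadState = new SubjectThreadState(subject);
        threadState.bind();
        try {
            return work.call();
        } finally {
            // Request threads are usually pooled: without this, the next request
            // served by this thread could see this user's Subject.
            threadState.clear();
        }
    }
}
```

`subject.execute(work)` performs the same bind and cleanup around a `Callable` in a single call.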
