No, the result that I have written shows that session is kept. When I call ejb.testMe() from client you can see that every second time it outputs "I logged out". If you don't believe me you can try yourself. AND THIS IS THE ISSUE I DON'T UNDERSTAND AND ALL THIS THREAD IS ABOUT IT.
*Duplicate:* When I call it first time from my client I have: #0:f7b3117d-b4e0-4eef-9221-f99dbb87ecc2 #1:f7b3117d-b4e0-4eef-9221-f99dbb87ecc2 When I call it second time from client I have: I logged out #1:2edcab36-cb97-4722-b91b-82ec225deb78 Again: #0:2edcab36-cb97-4722-b91b-82ec225deb78 #1:2edcab36-cb97-4722-b91b-82ec225deb78 Again: I logged out #1:b92ba3f4-deb9-41f2-9a36-b571dc33f082]] The only thing I found in docs is "If deploying inside a web application, by default the Session will be HttpSession based. But, in a non-web environment, like this simple Quickstart, Shiro will automatically use its Enterprise Session Management by default. This means you get to use the same API in your applications, in any tier, regardless of deployment environment. This opens a whole new world of applications since any application requiring sessions does not need to be forced to use the HttpSession or EJB Stateful Session Beans. And, any client technology can now share session data." - Maybe they have implemented some internal mechanism... A*nd this is what I'm trying to find out.* -- View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-session-for-EJB-tp7579994p7580005.html Sent from the Shiro User mailing list archive at Nabble.com.
