Initially I was not explicitly setting the session manager in my shiro.ini, so it defaults to ServletContainerSessionManager. ServletContainerSessionManager doesn't have a sessionIdCookie property, so I get the NoSuchMethodException exception during startup (if I use securityManager.sessionManager.sessionIdCookie.maxAge in shiro.ini).
If I try to explicitly set the session manager to DefaultWebSessionManager in shiro.ini, I get the previously mentioned AccessControlException, which, as far as I can make out, is because DefaultWebSessionManager must be trying to write to disk, and that is forbidden on Google App Engine. I also tried to do user.getSession().setTimeout(timeoutValue * 1000) immediately after user logs in (with ServletContainerSessionManager active), but that seems to have no effect. httpServletRequest.getSession().setMaxInactiveInterval(timeoutValue) didn't work either. Any suggestions? There must be a way to set session cookie timeout on GAE using Shiro... Regards, Harshdeep S Jawanda On 13 March 2017 at 20:22, Brian Demers <[email protected]> wrote: > If you are using a shiro.ini the property would be: > securityManager.sessionManager.sessionIdCookie.maxAge = <int> > > Otherwise you can traverse your beans, something like: sessionManger. > getSessionIdCookie().setMaxAge(<int>) > > On Mon, Mar 13, 2017 at 12:41 AM, Harshdeep S Jawanda <[email protected] > > wrote: > >> Hi, >> >> I wondered if anybody could help me with setting the session cookie >> lifetime for Shiro on GAE. >> >> I tried with DefaultWebSessionManager but I get an AccessControlException: >> >> java.security.AccessControlException: access denied >> ("java.lang.RuntimePermission" "modifyThreadGroup") >> >> Tried org.apache.shiro.session.Session#setTimeout(432000 * 1000) but >> that doesn't work either. The JSESSIONID cookie continues to show an >> Expires value of "At end of session". >> >> Regards, >> Harshdeep S Jawanda >> > >
