Re: Apache Shiro JWT Token Authentication Random Disconnects Problem With SessionTimeout

Fri, 18 Oct 2019 07:17:03 -0700 

When storing sessions (or any objects in a cache) they are subject to that
Cache's configuration/policy

This is the default for EhCache config is:
https://github.com/apache/shiro/blob/master/support/ehcache/src/main/resources/org/apache/shiro/cache/ehcache/ehcache.xml

Based on your session timeout, it looks like you might need to bump the
cache TTL.


On Fri, Oct 18, 2019 at 4:12 AM mixtou <[email protected]> wrote:

> Yes below is my shiro.ini
>
> [main]
> jwtg = gr.histopath.platform.lib.JWTGuard
> jwtv =  gr.histopath.platform.lib.JWTVerifyingFilter
>
> ds = com.mysql.cj.jdbc.MysqlDataSource
> ds.serverName = 127.0.0.1
> ds.port = 3306
> ds.user = histopathUser
> ds.password = H1s+0p@+h.U$er
> ds.databaseName = histopath
>
> jdbcRealm = gr.histopath.platform.lib.MyRealm
> jdbcRealm.dataSource = $ds
>
> credentialsMatcher =
> org.apache.shiro.authc.credential.Sha512CredentialsMatcher
> credentialsMatcher.hashIterations = 50000
> credentialsMatcher.hashSalted = true
> credentialsMatcher.storedCredentialsHexEncoded = false
> jdbcRealm.credentialsMatcher = $credentialsMatcher
>
> jdbcRealm.permissionsLookupEnabled = false
>
>
> sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
> securityManager.sessionManager = $sessionManager
>
> sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
> securityManager.sessionManager.sessionDAO = $sessionDAO
>
> cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
> securityManager.cacheManager = $cacheManager
>
> sessionValidationScheduler =
> org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler
> # Default is 3,600,000 millis = 1 hour:
> sessionValidationScheduler.interval = 3600000
>
> securityManager.sessionManager.sessionValidationScheduler =
> $sessionValidationScheduler
>
>
> securityManager.sessionManager.globalSessionTimeout = 172800000
>
> securityManager.realms = $jdbcRealm
>
> shiro.loginUrl = /authentication/login
> [users]
>
> [roles]
>
> [urls]
>
> /authentication/login = authc
> # /authentication/logout = logout
>
> /search/* = noSessionCreation, jwtv
> /statistics/* = noSessionCreation, jwtv
> /clinics/* = noSessionCreation, jwtv
> /patients/* = noSessionCreation, jwtv
> /incidents/* = noSessionCreation, jwtv
> /doctors/* = noSessionCreation, jwtv
>
> /users/new = noSessionCreation, anon
> /users/details/* = noSessionCreation, anon
> /users/* = noSessionCreation, jwtv
>
> /** = anon
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
>

Reply via email to