Since the subject is authenticated at the point you reach the backed then maybe you can use some kind of impersonation I.e a backend job runs the long running process on behalf of the subject.
On Fri 17. Feb 2023 at 09:52, Boris Petrov <[email protected]> wrote: > OK, thanks for the answer. But in that case how would I handle the > following case - a request is made from the frontend with some > authenticated subject. I want to trigger some long-running process and > do something that requires a valid session after that. The long-running > process is in a chain of asynchronous stuff and I don't know where it > will "end" so I can log-out the subject. What are the best practices for > something like that? > > On 2/16/23 19:13, [email protected] wrote: > > I would not recommend it. Unless the Subject is logged out, the session > would not be garbage collected. > > Technically this is possible if every subject is ’sure’ to be logged > out, but that’s is unrealistic in a web application. > > > >> On Feb 16, 2023, at 8:01 AM, Boris Petrov<[email protected]> > wrote: > >> > >> Hi all, > >> > >> I'm wondering is it "safe" to call `setTimeout(-1);` on a Shiro > session. That is, after I do that, is that a memory leak? Whenever the > `Subject` of that `Session` is GC'd, will the session also be invalidated > and removed from the session-manager or that must be done manually? Thanks! > >> > >> Regards, > >> Boris > >> >
