shiro-dev mailing list archives

From "Les Hazlewood (JIRA)" <>
Subject [jira] Resolved: (SHIRO-145) Losing Session
Date Sun, 09 May 2010 08:00:48 GMT


Les Hazlewood resolved SHIRO-145.

    Resolution: Fixed

The DefaultSessionManager (used by default in native session mode) now defaults to a MemorySessionDAO
which does _not_ rely on caching (auto-expunging of elements after TTL, etc).  The MemorySessionDAO
uses a ConcurrentMap for highly concurrent environments as the Session object backing store.
This makes it impossible to lose sessions - you will instead see an OutOfMemoryException
if you have more sessions than your system can handle.

If you are worried you might cross this memory threshold, consider using an enterprise caching
product (TerraCotta, etc) to overflow sessions to disk or to other machines.  If you choose
to do this, you will want to configure the SecurityManager with an org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
instance.  For example, in INI:

sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
securityManager.sessionManager.sessionDAO = $sessionDAO
cacheManager = my.enterprise.product.CacheManagerImplementation
securityManager.cacheManager = $cacheManager

> Losing Session
> --------------
>                 Key: SHIRO-145
>                 URL:
>             Project: Shiro
>          Issue Type: Bug
>          Components: Session Management
>    Affects Versions: 1.0.0
>            Reporter: Peter Ladanyi
>            Priority: Critical
>             Fix For: 1.0.0
> I'm using shiro (rev. 916858).
> Shiro was configured to use native sessions.
> In Security manager was registered the session listener to log session life cycle events.
> What I'm getting is occasional session loss, but the listener doesn't log any entry about
> I can't figure out what is happening.
> My configuration snippet looks:
> <bean id="securityManager" class="org.apache.shiro.web.DefaultWebSecurityManager">
>         <constructor-arg ref="trustRealm"/>
>         <!--   <property name="realm" ref="trustRealm"/>-->
>         <property name="subjectFactory" ref="trustSubjectFactory"/>
>         <property name="sessionMode" value="native"/>
>         <property name="globalSessionTimeout" value="${shiro.session.timeout}"/>
>          <property name="sessionListeners">
> 	        <set>
> 	        	<bean class=""/>
> 	        </set>
> 	     </property>
>         <property name="cacheManager" >
>         	<bean class="org.apache.shiro.cache.HashtableCacheManager"/>
>         </property>
> </bean>
> session time out was set to value=600000  which is ten minutes. 
> So the expiration should not be a reason.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
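
Added example, not part of the original message and not Shiro's own code: a JDK-only sketch of the failure mode the resolution describes, where a cache-style store expunges a session on its own TTL and the session listener never hears about it, next to a ConcurrentMap store where only the manager's timeout check removes it. All class and method names are hypothetical, and the 120000 ms cache TTL is an assumed value chosen to be shorter than the reporter's 600000 ms session timeout.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: all class and method names are hypothetical, not Shiro's API.
public class SessionStoreDemo {
    // ConcurrentMap store (id -> last access, ms): entries leave only via delete().
    static class MapStore {
        final Map<String, Long> map = new ConcurrentHashMap<>();
        void save(String id, long lastAccess) { map.put(id, lastAccess); }
        Long read(String id, long now) { return map.get(id); }
        void delete(String id) { map.remove(id); }
    }

    // Cache-style store: expunges entries older than its own TTL without telling anyone.
    static class TtlCacheStore extends MapStore {
        final long ttlMs;
        TtlCacheStore(long ttlMs) { this.ttlMs = ttlMs; }
        @Override Long read(String id, long now) {
            Long t = map.get(id);
            if (t != null && now - t > ttlMs) { map.remove(id); return null; }
            return t;
        }
    }

    // Manager-side lookup: the only code path that notifies the session listener.
    static String lookup(MapStore s, String id, long now, long timeoutMs, List<String> events) {
        Long last = s.read(id, now);
        if (last == null) return "UNKNOWN";        // entry gone, no listener event
        if (now - last > timeoutMs) {
            s.delete(id);
            events.add("expired:" + id);           // listener records the expiration
            return "EXPIRED";
        }
        s.save(id, now);                           // touch on access
        return "ACTIVE";
    }

    public static void main(String[] args) {
        long timeout = 600_000;                    // ten minutes, as in the report
        // 120_000 ms cache TTL is a constructed value for the demonstration
        for (MapStore s : new MapStore[]{new TtlCacheStore(120_000), new MapStore()}) {
            List<String> events = new ArrayList<>();
            s.save("abc", 0);                      // constructed session id
            String at5 = lookup(s, "abc", 300_000, timeout, events);
            String at20 = lookup(s, "abc", 1_200_000, timeout, events);
            System.out.println(s.getClass().getSimpleName() + ": " + at5 + ", " + at20 + " " + events);
        }
    }
}
```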
