shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Les Hazlewood (Commented) (JIRA)" <>
Subject [jira] [Commented] (SHIRO-340) Shiro should avoid creating sessions if one doesn't exist
Date Thu, 19 Jan 2012 22:08:39 GMT


Les Hazlewood commented on SHIRO-340:

The only other place in Shiro's API that will use a Session on your behalf is by using subject.runAs.
 I supposed that would have to be configurable as well.  This ability is also turned off using
the noSessionCreation filter in a web app.
> Shiro should avoid creating sessions if one doesn't exist
> ---------------------------------------------------------
>                 Key: SHIRO-340
>                 URL:
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Web
>    Affects Versions: 1.1.0, 1.2.0
>            Reporter: Kalle Korhonen
> WebUtils.saveRequest() forces creating a session even if doesn't exist before. This hinders
scalability. For savedRequests, it's not clear session is needed at all, a cookie might be
better option for storing information in this case. Similarly, we should go through the rest
of the codebase and see if sessions are created unnecessarily.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message