shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Les Hazlewood (Commented) (JIRA)" <>
Subject [jira] [Commented] (SHIRO-340) Shiro should avoid creating sessions if one doesn't exist
Date Fri, 20 Jan 2012 19:52:40 GMT


Les Hazlewood commented on SHIRO-340:

Yeah, sorry I was scoping the 'Shiro uses the Session' issue to the savedRequest mechanism
and the runAs mechanism (without specifying exact calls).

Shouldn't this be configurable, and perhaps we default to the cookie implementation?  I mean
- is ok to assume that cookies will be preferred and always available in all environments?
> Shiro should avoid creating sessions if one doesn't exist
> ---------------------------------------------------------
>                 Key: SHIRO-340
>                 URL:
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Web
>    Affects Versions: 1.1.0, 1.2.0
>            Reporter: Kalle Korhonen
> WebUtils.saveRequest() forces creating a session even if doesn't exist before. This hinders
scalability. For savedRequests, it's not clear session is needed at all, a cookie might be
better option for storing information in this case. Similarly, we should go through the rest
of the codebase and see if sessions are created unnecessarily.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message