shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kalle Korhonen (Commented) (JIRA)" <>
Subject [jira] [Commented] (SHIRO-340) Shiro should avoid creating sessions if one doesn't exist
Date Fri, 20 Jan 2012 17:28:40 GMT


Kalle Korhonen commented on SHIRO-340:

WebUtils.getSavedRequest() also forces creating a session. I made a proof-of-concept implementation
of saving the request to a cookie instead of session and that works fine. Might make sense
to limit the scope of this issue to refactoring the saved request implementation to use cookies
instead of session.
> Shiro should avoid creating sessions if one doesn't exist
> ---------------------------------------------------------
>                 Key: SHIRO-340
>                 URL:
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Web
>    Affects Versions: 1.1.0, 1.2.0
>            Reporter: Kalle Korhonen
> WebUtils.saveRequest() forces creating a session even if doesn't exist before. This hinders
scalability. For savedRequests, it's not clear session is needed at all, a cookie might be
better option for storing information in this case. Similarly, we should go through the rest
of the codebase and see if sessions are created unnecessarily.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message