Return-Path: X-Original-To: apmail-shiro-user-archive@www.apache.org Delivered-To: apmail-shiro-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3C2DF7B2B for ; Thu, 17 Nov 2011 20:38:45 +0000 (UTC) Received: (qmail 15533 invoked by uid 500); 17 Nov 2011 20:38:45 -0000 Delivered-To: apmail-shiro-user-archive@shiro.apache.org Received: (qmail 15493 invoked by uid 500); 17 Nov 2011 20:38:44 -0000 Mailing-List: contact user-help@shiro.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@shiro.apache.org Delivered-To: mailing list user@shiro.apache.org Received: (qmail 15485 invoked by uid 99); 17 Nov 2011 20:38:44 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 Nov 2011 20:38:44 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of khangaonkar@gmail.com designates 209.85.220.173 as permitted sender) Received: from [209.85.220.173] (HELO mail-vx0-f173.google.com) (209.85.220.173) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 Nov 2011 20:38:38 +0000 Received: by vcbfk26 with SMTP id fk26so1338689vcb.32 for ; Thu, 17 Nov 2011 12:38:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=T73WLtlsY+6ihVvgqxmvvjtdaVivB7C1Iz500jA0VtA=; b=A8GVNB5TGdEF2lwmLWj6ziuDafWfOYxZh4ZxnLxXukpINGKzySCyXkw7MWkeWdK6Ms UhkPrUvbR8Q7pXxUXks2sjFzVZtUNr5q495pmtAGrEDMbVZiEaXnJRQ/adPt+AZiwwvR ix8UNUbWF1IKRPJ4N6O2qDru9P9AT5fq6HIbg= MIME-Version: 1.0 Received: by 10.52.38.4 with SMTP id c4mr97958vdk.123.1321562297363; Thu, 17 Nov 2011 12:38:17 -0800 (PST) Received: by 10.52.172.212 with HTTP; Thu, 17 Nov 2011 12:38:17 -0800 (PST) In-Reply-To: References: Date: Thu, 17 Nov 2011 12:38:17 -0800 Message-ID: Subject: Re: Web Application - Stay Signed In From: Manoj Khangaonkar To: user@shiro.apache.org Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org Hi Have you tried overriding the validate() method of SimpleSession to check this configured property before timing out the user. Of course, you would need to configure your SessionManager to use a SessionFactory that creates your implementation of Session. For me , this would have been the obvious way. But I remember readings posts about a few problems encountered when people tried to override SimpleSession. But you might consider giving it a try. Manoj On Wed, Nov 16, 2011 at 2:07 PM, Matthew Piggott wrote: > Hi, > > We're looking at adding a 'stay logged in' function to a web application > protected by Shiro, the intent is that a user who selects this option > wouldn't be prompted for a login for a predefined period of time. We're > considering two possibilities (though obviously open for suggestions if > there are better ideas), the first is to use remember me and the second is > to extend the length of sessions. > > With remember me, the generated cookie is valid indefinitely (which would > need to be changed) and a specific key should be set for the cipher service. > > If we were to change length of sessions we'd lose the distinction of > authenticated/remembered, but expiration would be controlled by the server. > > Would anyone have any suggestions or problems/ideas we've missed? > > Thanks, > > Matthew > -- http://khangaonkar.blogspot.com/