Hi Have you tried overriding the validate() method of SimpleSession to check this configured property before timing out the user. Of course, you would need to configure your SessionManager to use a SessionFactory that creates your implementation of Session.
For me , this would have been the obvious way. But I remember readings posts about a few problems encountered when people tried to override SimpleSession. But you might consider giving it a try. Manoj On Wed, Nov 16, 2011 at 2:07 PM, Matthew Piggott <[email protected]> wrote: > Hi, > > We're looking at adding a 'stay logged in' function to a web application > protected by Shiro, the intent is that a user who selects this option > wouldn't be prompted for a login for a predefined period of time. We're > considering two possibilities (though obviously open for suggestions if > there are better ideas), the first is to use remember me and the second is > to extend the length of sessions. > > With remember me, the generated cookie is valid indefinitely (which would > need to be changed) and a specific key should be set for the cipher service. > > If we were to change length of sessions we'd lose the distinction of > authenticated/remembered, but expiration would be controlled by the server. > > Would anyone have any suggestions or problems/ideas we've missed? > > Thanks, > > Matthew > -- http://khangaonkar.blogspot.com/
