After a successful login, call Subject.getSession() to obtain the session. It is equivalent to Subject.getSession(true): if no Session object exists yet, one is created.
Subject.getSession(false), by contrast, returns null if no Session has been created (although by default, if session storage is enabled, a Session is created automatically when the Subject is created).
Java code
session.getId();
Gets the unique ID of the session.
session.getHost();
Gets the host address of the current Subject, which is provided by HostAuthenticationToken.getHost().
session.getTimeout();
session.setTimeout(milliseconds);
Get/set the expiration time of the current session, in milliseconds.
session.getStartTimestamp();
session.getLastAccessTime();
Get the session start time and last access time.
Session manager
The session manager handles the creation, maintenance, deletion, invalidation and validation of the sessions of all Subjects in the application. It is the core component of Shiro. The top-level SecurityManager interface extends SessionManager directly, and SessionsSecurityManager delegates session management to the configured SessionManager. The default SecurityManager implementations, DefaultSecurityManager and DefaultWebSecurityManager, both inherit from SessionsSecurityManager.
1. Customize the SessionDAO to persist session information
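import java.io.Serializable;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.CachingSessionDAO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

// ShiroSession and SessionDao are the application's own entity and data-access classes (not shown on this page).
@Component
public class ShiroSessionDao extends CachingSessionDAO {

    @Autowired
    private SessionDao sessionDao;

    // Generate and assign the session ID, then store the ID and host in the database.
    @Override
    public Serializable doCreate(Session session) {
        ShiroSession ss = new ShiroSession();
        Serializable sessionId = generateSessionId(session);
        assignSessionId(session, sessionId);
        ss.setSession(sessionId.toString());
        ss.setHost(session.getHost());
        sessionDao.createSession(ss);
        return sessionId;
    }

    // Remove the stored row when the session is stopped or expires.
    @Override
    public void doDelete(Session session) {
        Serializable sessionId = session.getId();
        sessionDao.deleteSession(sessionId.toString());
    }

    // Sessions are read from the cache only; the stored row is never loaded back.
    @Override
    protected Session doReadSession(Serializable sessionId) {
        return super.getCachedSession(sessionId);
    }

    // Updates (last access time, attributes) are not written to the database.
    @Override
    protected void doUpdate(Session session) {
    }
}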
2. Configure SessionManager
// Session ID generator
@Bean
public JavaUuidSessionIdGenerator sessionIdGenerator() {
    return new JavaUuidSessionIdGenerator();
}

@Bean
public SessionDAO getSessionDao() {
    ShiroSessionDao sessionDao = new ShiroSessionDao();
    sessionDao.setSessionIdGenerator(sessionIdGenerator());
    return sessionDao;
}

@Bean
public SessionManager sessionManager() {
    // DefaultWebSessionManager (org.apache.shiro.web.session.mgt) is the concrete
    // SessionManager that pairs with DefaultWebSecurityManager.
    DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
    ExecutorServiceSessionValidationScheduler scheduler = new ExecutorServiceSessionValidationScheduler();
    scheduler.setInterval(180000); // validation interval in milliseconds (3 minutes)
    scheduler.setSessionManager(sessionManager);
    sessionManager.setGlobalSessionTimeout(180000); // session timeout in milliseconds (3 minutes)
    sessionManager.setSessionValidationScheduler(scheduler);
    sessionManager.setSessionDAO(getSessionDao());
    return sessionManager;
}

@Bean
public EhCacheManager cacheManager() {
    EhCacheManager cache = new EhCacheManager();
    cache.setCacheManagerConfigFile("classpath:ehcache.xml");
    return cache;
}

@Bean
public SecurityManager securityManager() {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    securityManager.setRealm(myShiroRealm());
    securityManager.setSessionManager(sessionManager());
    securityManager.setCacheManager(cacheManager());
    return securityManager;
}
ExecutorServiceSessionValidationScheduler: the session validation scheduler, which periodically checks whether sessions have expired.
User sessions are now saved to the database, and the ExecutorServiceSessionValidationScheduler periodically checks whether they have expired.
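A fuller version of the step 1 DAO, as an added example that is not the original author's code: it also writes updates back and reloads a session from the store on a cache miss, so last access times and attributes survive a cache eviction or restart. The class name PersistentSessionDao and the in-memory `table` map (standing in for the database table behind the page's SessionDao) are assumptions.

```java
import java.io.*;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.ValidatingSession;
import org.apache.shiro.session.mgt.eis.CachingSessionDAO;

// Added example: `table` is a stand-in for the database session table (assumption).
public class PersistentSessionDao extends CachingSessionDAO {
    private final Map<String, byte[]> table = new ConcurrentHashMap<>();

    @Override
    protected Serializable doCreate(Session session) {
        Serializable id = generateSessionId(session);
        assignSessionId(session, id);
        table.put(id.toString(), toBytes(session));
        return id;
    }

    @Override
    protected Session doReadSession(Serializable sessionId) {
        // Reached only on a cache miss; returning null makes Shiro throw UnknownSessionException.
        byte[] row = table.get(sessionId.toString());
        return row == null ? null : fromBytes(row);
    }

    @Override
    protected void doUpdate(Session session) {
        // Do not re-persist a stopped or expired session; doDelete removes it.
        if (session instanceof ValidatingSession && !((ValidatingSession) session).isValid()) return;
        table.put(session.getId().toString(), toBytes(session));
    }

    @Override
    protected void doDelete(Session session) {
        table.remove(session.getId().toString());
    }

    private static byte[] toBytes(Session s) {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(s); // the session and all of its attributes must be Serializable
        } catch (IOException e) { throw new IllegalStateException(e); }
        return buf.toByteArray();
    }
    private static Session fromBytes(byte[] row) {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(row))) {
            return (Session) in.readObject();
        } catch (IOException | ClassNotFoundException e) { throw new IllegalStateException(e); }
    }
}
```

Because rows are deserialized with Java serialization, the session table must be writable only by the application itself.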