redis saves the session of shiro
rewrites EnterpriseCacheSessionDAO.doUpdate, and each update changes the corresponding survival time of session key (TTL)
requirements:
for example, set the expiration time of session to 1 hour
then I hope that during this 1 hour, if the user has been visiting the page of the site (background api is called), the survival time of session will be extended, for example, expiration time = current visit time + 1 hour
the actual situation is:
users do update the ttl of session in redis even if they continue to operate the website within 1 hour (session expiration time). However, the cookie on the browser side is deleted by the browser within 1 hour at most (it seems that shiro will modify the Max-age=0 of cookie and let the browser delete the cookie), so that users will report an error when they visit our website: no login!, but there is still the session in the actual redis. It"s just that the corresponding cookie on the browser has been deleted
P.S: is it possible to implement session persistence without the session manager of rememberMe?
P.S:session manager configuration:
@Bean(name="sessionManager")
public DefaultWebSessionManager defaultWebSessionManager() {
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
// sessionManager.setGlobalSessionTimeout(1800000); //30(1800000)
sessionManager.setDeleteInvalidSessions(true);
sessionManager.setSessionDAO(getRedisSessionDao());
sessionManager.setSessionValidationSchedulerEnabled(true);
sessionManager.setSessionIdCookieEnabled(true);
sessionManager.setSessionIdCookie(getSessionIdCookie());
return sessionManager;
}