I have implemented Shiro with Spring MVC. Everything is going well except
session expiry. Even I have session-timeout config in web.xml, session has
not been expiring after that time. It is kind of never expiration. Could
some tell me how to handle it in Shiro config or any other way to honor
based on session-timeout?
I would like to redirect user to logout page. From there user will have
option to login thru link.
Here is my application flow.
Application is designed to work on Windows machines only.
- Apache tomcat has configured to send windows logged in username in every requested url.
- We have a Spring mvc listener to grab them and do authentication on first request as there is no specific login page.
- Once session is expired it(Listener) is again pushing to login and redirecting to home page. So there is no way redirect to logout on session expiration.
- I tried to use ShiroSessionListener and throwing a Runtime Exception to catch it in Spring
ExceptionHandler, But it has not been catching in exceptionHandler method.
Is there any way to redirect to any specific page on session expiration?