Use Subject.getsession () to get the session after successful login, which is equivalent to Subject.getsession (true), that is, if the session object is not currently created, one will be created;
In addition, Subject.getsession (FALSE) returns NULL if no session is currently created (however, by default, if you enable the Sessions store feature, you will be actively creating a session when you create subject).
Java code
Session.getid ();
Get session Unique ID
Gets the host address of the current subject, which is provided through Hostauthenticationtoken.gethost ().
Session.gettimeout (); Session.settimeout (MS);
Gets/sets the expiration time of the current session;
Session.getstarttimestamp (); Session.getlastaccesstime ();
Gets the start time and last access time of the session
Session Manager
The session Manager manages the creation, maintenance, deletion, invalidation, and validation of all subject sessions in the app. Is the core component of Shiro, the top-level component SecurityManager directly inherits SessionManager, and provides Sessionssecuritymanager implementation to delegate session management directly to the corresponding SessionManager, The Defaultsecuritymanager and Defaultwebsecuritymanager default SecurityManager inherit Sessionssecuritymanager.
1. Customizing Sessiondao persistence Session Related information
@Component Public classShirosessiondaoextendsCachingsessiondao {@AutowiredPrivateSessiondao Sessiondao; @Override PublicSerializable Docreate (Session session) {Shirosession SS=Newshirosession (); Serializable sessionId=Generatesessionid (session); Assignsessionid (session, SESSIONID); Ss.setsession (Sessionid.tostring ()); Ss.sethost (Session.gethost ()); Sessiondao.createsession (ss); returnsessionId; } @Override Public voidDoDelete (Session session) {Serializable sessionId=Session.getid (); Sessiondao.deletesession (Sessionid.tostring ()); } @OverrideprotectedSession doreadsession (Serializable sessionId) {return Super. Getcachedsession (SESSIONID); } @Overrideprotected voidDoUpdate (Session session) {}}
2. Configure SessionManager
//configuration settings Session ID generator,@Bean Publicjavauuidsessionidgenerator Sessionidgenerator () {return NewJavauuidsessionidgenerator (); } @Bean PublicSessiondao Getsessiondao () {Shirosessiondao Sessiondao=NewShirosessiondao (); Sessiondao.setsessionidgenerator (Sessionidgenerator ()); returnSessiondao; } @Bean PublicSessionManager SessionManager () {SessionManager SessionManager=NewSessionManager (); Executorservicesessionvalidationscheduler Scheduler=NewExecutorservicesessionvalidationscheduler (); Scheduler.setinterval (180000); Scheduler.setsessionmanager (SessionManager); Sessionmanager.setglobalsessiontimeout (180000); Sessionmanager.setsessionvalidationscheduler (scheduler); Sessionmanager.setsessiondao (Getsessiondao ()); returnSessionManager; } @Bean PublicEhcachemanager CacheManager () {Ehcachemanager cache=NewEhcachemanager (); Cache.setcachemanagerconfigfile ("Classpath:ehcache.xml"); returnCache; }
@Bean
Public SecurityManager SecurityManager () {
Defaultwebsecuritymanager SecurityManager = new Defaultwebsecuritymanager ();
Securitymanager.setrealm (Myshirorealm ());
Securitymanager.setsessionmanager (SessionManager ());
Securitymanager.setcachemanager (CacheManager ());
return SecurityManager;
}
Executorservicesessionvalidationscheduler: Session Verification Scheduler, timed to detect session expiration
User sessions are now saved to the database and checked for expiration by Executorservicesessionvalidationscheduler timing
(iv) Session management-"integration of Springboot and Shiro"