Class DefaultWebSessionStorageEvaluator

  • All Implemented Interfaces:

    public class DefaultWebSessionStorageEvaluator
    extends DefaultSessionStorageEvaluator
    A web-specific SessionStorageEvaluator that performs the same logic as the parent class DefaultSessionStorageEvaluator but additionally checks for a request-specific flag that may enable or disable session access.

    This implementation usually works in conjunction with the NoSessionCreationFilter: If the NoSessionCreationFilter is configured in a filter chain, that filter will set a specific ServletRequest attribute indicating that session creation should be disabled.

    This DefaultWebSessionStorageEvaluator will then inspect this attribute, and if it has been set, will return false from isSessionStorageEnabled(org.apache.shiro.subject.Subject) method, thereby preventing Shiro from creating a session for the purpose of storing subject state.

    If the request attribute has not been set (i.e. the NoSessionCreationFilter is not configured or has been disabled), this class does nothing and delegates to the parent class for existing behavior.