Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Shiro: Cannot invalidate HttpSession

Tags:

session

jakarta-ee

shiro

httpsession

I have a Shiro session (id=11111) and a http session (id=22222).

When I try to invalidate the HttpSession, the wrong id is used.

Code:

public void logout() {
      SecurityUtils.getSubject().logout();

// exception is thrown in this line
FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
    }

Exception:

java.lang.IllegalStateException:
 org.apache.shiro.session.UnknownSessionException:
 There is no session with id [22222]

How can I invalidate the HttpSession or rather set the correct id?

like image 1000
sinclair Avatar asked Aug 07 '15 12:08

sinclair

1 Answers

The problem was solved by implementing a HttpSessionBindingListener and create a mapping of Shiro sessions to http sessions.

like image 131
sinclair Avatar answered Oct 23 '22 13:10

sinclair
Sign in to Comment

Related questions

Flask session and multiple users
Difference in Logoff notification events between Windows XP and Windows 7
"Impersonating" session in a web service call
Sessions brute forcing
ASP.NET Sessions Corrupted Under Load
Magento : Can't add product to cart after order
ASP.NET Session - big object vs many small objects
Does a PHP session work across subdirectories?
How to: persistent PHP session across subdomains [duplicate]
Classic ASP JQuery AJAX not maintaining session
Tomcat/spring session management for anonymous user
Efficient session variable server-side caching with Python+Flask
Hibernate session ID
Can't store session data after session_regenerate_id();
Node, express.session as middleware does not set cookie
Transmit Session IDs in URLs (Session trans_sid equivalent Laravel)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!